From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.16712.1634057823445706529 for ; Tue, 12 Oct 2021 09:57:03 -0700
Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: joseph.hemann@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DE95A1FB; Tue, 12 Oct 2021 09:57:02 -0700 (PDT)
Received: from u203013-lin.austin.arm.com (unknown [10.118.29.243]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D5A473F694; Tue, 12 Oct 2021 09:57:02 -0700 (PDT)
From: "Joseph Hemann"
To: devel@edk2.groups.io
Cc: nd@arm.com, Joseph Hemann , Jiewen Yao , Jian J Wang , Min Xu , Joseph Hemann
Subject: [PATCH 1/1] SecurityPkg/DxeImageVerificationLib: Set Action for failed unsigned image
Date: Tue, 12 Oct 2021 11:57:01 -0500
Message-Id: <20211012165701.52619-1-joseph.hemann@arm.com>
X-Mailer: git-send-email 2.17.1

If the image is not signed and the hash of image is not found in DB/DBX, then the EFI_IMAGE_INFO_ACTION of the load of said image should be set to EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND, rather than being left unset as EFI_IMAGE_EXECUTION_AUTH_UNTESTED.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Signed-off-by: Joseph Hemann
Change-Id: Ia432ebf4ec811e36d67b80bc438a6aff60bc9b67
--- .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 0a804af2162f..e5fae732bb1f 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c 
@@ -1848,6 +1848,7 @@ DxeImageVerificationHandler ( // // Image Hash is not found in both forbidden and allowed database. // + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND; DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is not found in DB/DBX.\n", mHashTypeStr)); goto Failed; } -- 2.17.1
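Review bot: The added `Action = EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND;` in the unsigned-image branch of DxeImageVerificationHandler covers only this one `goto Failed` exit, and neither the hunk nor the commit message says whether other exits to `Failed` can still leave Action at EFI_IMAGE_EXECUTION_AUTH_UNTESTED. Please confirm in the commit message that this was the only such path, or set Action on the remaining ones in the same patch. The comment above the new line still describes only the hash lookup result ("Image Hash is not found in both forbidden and allowed database"); a short addition saying that the failure is recorded as signature-not-found would document why the assignment is there. The message also gives no indication of how the change was checked; a note on how the recorded action was observed for an unsigned image whose hash is absent from DB/DBX would help reviewers.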