From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web10.5304.1634272266712510954 for ; Thu, 14 Oct 2021 21:31:07 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: guomin.jiang@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10137"; a="288713931" X-IronPort-AV: E=Sophos;i="5.85,374,1624345200"; d="scan'208";a="288713931" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2021 21:31:05 -0700 X-IronPort-AV: E=Sophos;i="5.85,374,1624345200"; d="scan'208";a="492314248" Received: from guominji-mobl.ccr.corp.intel.com ([10.238.14.26]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Oct 2021 21:31:04 -0700 From: "Guomin Jiang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang Subject: [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V Date: Fri, 15 Oct 2021 12:31:01 +0800 Message-Id: <20211015043101.912-1-guomin.jiang@intel.com> X-Mailer: git-send-email 2.30.0.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2673 M mean that Measured Boot, V mean that Verified Boot. The FvReport do below: 1. Do nothing if neither M nor V 2. Allocate pages to save the firmware volume and use it to install firmware info Ppi 3. Install PreHashFv Ppi if the FV need measurement. 4. Verify the Hash if the FV need verification Notes: 1. The component is used to verify the FV or measure the FV 2. Copy action is just for security purpose but not main purpose. 3. If you use this component, Doesn't need to copy in other compoent which result time consumption. Signed-off-by: Guomin Jiang Cc: Jiewen Yao Cc: Jian J Wang --- SecurityPkg/FvReportPei/FvReportPei.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c index 9f3ebd8ed174..6dce3298e3a2 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.c +++ b/SecurityPkg/FvReportPei/FvReportPei.c @@ -150,10 +150,12 @@ VerifyHashedFv ( FvHashValue = HashValue; for (FvIndex = 0; FvIndex < FvNumber; ++FvIndex) { // - // FV must be meant for verified boot and/or measured boot. + // Not meant for verified boot and/or measured boot? // - ASSERT ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) != 0 || - (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) != 0); + if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 && + (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) { + continue; + } // // Skip any FV not meant for current boot mode. -- 2.30.0.windows.2