Add comment for modules which have external input.

[mirror_edk2.git] / SecurityPkg / Library / DxeTcgPhysicalPresenceLib / DxeTcgPhysicalPresenceLib.c

diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index 515b0a5d7231ef5cd43505d5f4c9f1ee346df60b..5316e5b785ce3126eb8eca7b2e85ad0c22d69023 100644 (file)
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -2,6 +2,12 @@
 \r
   Execute pending TPM requests from OS or BIOS and Lock TPM.\r
 \r
+  Caution: This module requires additional review when modified.\r
+  This driver will have external input - variable.\r
+  This external input must be validated carefully to avoid security issue.\r
+\r
+  ExecutePendingTpmRequest() will receive untrusted input and do validation.\r
+\r
 Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
@@ -882,6 +888,10 @@ UserConfirm (
 /**\r
   Check and execute the requested physical presence command.\r
 \r
+  Caution: This function may receive untrusted input.\r
+  TcgPpData variable is external input, so this function will validate\r
+  its data structure to be valid value.\r
+\r
   @param[in] TcgProtocol          EFI TCG Protocol instance. \r
   @param[in] TcgPpData            Point to the physical presence NV variable.\r
 \r