might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
returned.\r
\r
- @param[in, out] AuthenticationStatus This is the authentication status returned\r
+ @param[in] AuthenticationStatus This is the authentication status returned\r
from the securitymeasurement services for the\r
input file.\r
@param[in] File This is a pointer to the device path of the file that is\r
being dispatched. This will optionally be used for logging.\r
@param[in] FileBuffer File buffer matches the input file device path.\r
@param[in] FileSize Size of File buffer matches the input file device path.\r
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
\r
- @retval EFI_SUCCESS The file specified by File did authenticate, and the\r
- platform policy dictates that the DXE Core may use File.\r
- @retval EFI_INVALID_PARAMETER File is NULL.\r
- @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r
- the platform policy dictates that File should be placed\r
- in the untrusted state. A file may be promoted from\r
- the untrusted to the trusted state at a future time\r
- with a call to the Trust() DXE Service.\r
- @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r
- the platform policy dictates that File should not be\r
- used for any purpose.\r
-\r
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
+ FileBuffer did authenticate, and the platform policy dictates\r
+ that the DXE Foundation may use the file.\r
+ @retval other error value\r
**/\r
EFI_STATUS\r
EFIAPI\r
DxeTpmMeasureBootHandler (\r
- IN OUT UINT32 AuthenticationStatus,\r
+ IN UINT32 AuthenticationStatus,\r
IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
- IN VOID *FileBuffer OPTIONAL,\r
- IN UINTN FileSize OPTIONAL\r
+ IN VOID *FileBuffer,\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
)\r
{\r
EFI_TCG_PROTOCOL *TcgProtocol;\r
BOOLEAN ApplicationRequired;\r
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
\r
- if (File == NULL) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
-\r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
//\r
// Copy File Device Path\r
//\r
OrigDevicePathNode = DuplicateDevicePath (File);\r
- ASSERT (OrigDevicePathNode != NULL);\r
\r
//\r
// 1. Check whether this device path support BlockIo protocol.\r
// Done, free the allocated resource.\r
//\r
Finish:\r
- FreePool (OrigDevicePathNode);\r
+ if (OrigDevicePathNode != NULL) {\r
+ FreePool (OrigDevicePathNode);\r
+ }\r
\r
return Status;\r
}\r
IN EFI_SYSTEM_TABLE *SystemTable\r
)\r
{\r
- return RegisterSecurityHandler (\r
+ return RegisterSecurity2Handler (\r
DxeTpmMeasureBootHandler,\r
EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
);\r