SecurityPkg/TPM: measure UEFI images without associated device paths again

[mirror_edk2.git] / SecurityPkg / Library / DxeTpmMeasureBootLib / DxeTpmMeasureBootLib.c

diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index 4e4a90f9da625145bcb723080108674aa0545a3d..d990eb2ad3a9f8007cb49bb50075e2cfc9bcddc3 100644 (file)
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -16,13 +16,7 @@
   partition data carefully.\r
 \r
 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution.  The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
 \r
@@ -655,7 +649,7 @@ TcgMeasurePeImage (
   if (Status == EFI_OUT_OF_RESOURCES) {\r
     //\r
     // Out of resource here means the image is hashed and its result is extended to PCR.\r
-    // But the event log cann't be saved since log area is full.\r
+    // But the event log can't be saved since log area is full.\r
     // Just return EFI_SUCCESS in order not to block the image load.\r
     //\r
     Status = EFI_SUCCESS;\r
@@ -684,8 +678,6 @@ Finish:
   and other exception operations.  The File parameter allows for possible logging\r
   within the SAP of the driver.\r
 \r
-  If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
-\r
   If the file specified by File with an authentication status specified by\r
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
 \r
@@ -698,6 +690,8 @@ Finish:
   might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
   returned.\r
 \r
+  If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.\r
+\r
   @param[in]      AuthenticationStatus  This is the authentication status returned\r
                                         from the securitymeasurement services for the\r
                                         input file.\r
@@ -716,7 +710,7 @@ EFI_STATUS
 EFIAPI\r
 DxeTpmMeasureBootHandler (\r
   IN  UINT32                           AuthenticationStatus,\r
-  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,\r
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL\r
   IN  VOID                             *FileBuffer,\r
   IN  UINTN                            FileSize,\r
   IN  BOOLEAN                          BootPolicy\r
@@ -775,7 +769,7 @@ DxeTpmMeasureBootHandler (
   Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
   if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {\r
     //\r
-    // Find the gpt partion on the given devicepath\r
+    // Find the gpt partition on the given devicepath\r
     //\r
     DevicePathNode = OrigDevicePathNode;\r
     ASSERT (DevicePathNode != NULL);\r
@@ -844,7 +838,7 @@ DxeTpmMeasureBootHandler (
     }\r
     //\r
     // The PE image from unmeasured Firmware volume need be measured\r
-    // The PE image from measured Firmware volume will be mearsured according to policy below.\r
+    // The PE image from measured Firmware volume will be measured according to policy below.\r
     //   If it is driver, do not measure\r
     //   If it is application, still measure.\r
     //\r
@@ -911,6 +905,13 @@ DxeTpmMeasureBootHandler (
   //\r
   Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
   if (EFI_ERROR (Status)) {\r
+    //\r
+    // Check for invalid parameters.\r
+    //\r
+    if (File == NULL) {\r
+      return EFI_ACCESS_DENIED;\r
+    }\r
+\r
     //\r
     // The information can't be got from the invalid PeImage\r
     //\r