SecurityPkg/TPM: measure UEFI images without associated device paths again

[mirror_edk2.git] / SecurityPkg / Library / DxeTpmMeasureBootLib / DxeTpmMeasureBootLib.c

diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index a2d3923ca658f26eed1c545c59a26fd9a7a808ea..d990eb2ad3a9f8007cb49bb50075e2cfc9bcddc3 100644 (file)
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -649,7 +649,7 @@ TcgMeasurePeImage (
   if (Status == EFI_OUT_OF_RESOURCES) {\r
     //\r
     // Out of resource here means the image is hashed and its result is extended to PCR.\r
-    // But the event log cann't be saved since log area is full.\r
+    // But the event log can't be saved since log area is full.\r
     // Just return EFI_SUCCESS in order not to block the image load.\r
     //\r
     Status = EFI_SUCCESS;\r
@@ -678,8 +678,6 @@ Finish:
   and other exception operations.  The File parameter allows for possible logging\r
   within the SAP of the driver.\r
 \r
-  If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
-\r
   If the file specified by File with an authentication status specified by\r
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
 \r
@@ -692,6 +690,8 @@ Finish:
   might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
   returned.\r
 \r
+  If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.\r
+\r
   @param[in]      AuthenticationStatus  This is the authentication status returned\r
                                         from the securitymeasurement services for the\r
                                         input file.\r
@@ -710,7 +710,7 @@ EFI_STATUS
 EFIAPI\r
 DxeTpmMeasureBootHandler (\r
   IN  UINT32                           AuthenticationStatus,\r
-  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,\r
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL\r
   IN  VOID                             *FileBuffer,\r
   IN  UINTN                            FileSize,\r
   IN  BOOLEAN                          BootPolicy\r
@@ -769,7 +769,7 @@ DxeTpmMeasureBootHandler (
   Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
   if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {\r
     //\r
-    // Find the gpt partion on the given devicepath\r
+    // Find the gpt partition on the given devicepath\r
     //\r
     DevicePathNode = OrigDevicePathNode;\r
     ASSERT (DevicePathNode != NULL);\r
@@ -838,7 +838,7 @@ DxeTpmMeasureBootHandler (
     }\r
     //\r
     // The PE image from unmeasured Firmware volume need be measured\r
-    // The PE image from measured Firmware volume will be mearsured according to policy below.\r
+    // The PE image from measured Firmware volume will be measured according to policy below.\r
     //   If it is driver, do not measure\r
     //   If it is application, still measure.\r
     //\r
@@ -905,6 +905,13 @@ DxeTpmMeasureBootHandler (
   //\r
   Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
   if (EFI_ERROR (Status)) {\r
+    //\r
+    // Check for invalid parameters.\r
+    //\r
+    if (File == NULL) {\r
+      return EFI_ACCESS_DENIED;\r
+    }\r
+\r
     //\r
     // The information can't be got from the invalid PeImage\r
     //\r