REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652
DxeTpm2MeasureBootHandler() and DxeTpmMeasureBootHandler() functions may
receive a FileBuffer argument that is not associated with any particular
device path (e.g., because the UEFI image has not been loaded from any
particular device path).
Therefore rejecting (File==NULL) at the top of the function is invalid.
Fixes: 4b026f0d5af36faf3a3629a3ad49c51b5b3be12f
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
- If File is NULL, then EFI_ACCESS_DENIED is returned.\r
-\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
+ If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.\r
+\r
@param[in] AuthenticationStatus This is the authentication status returned\r
from the securitymeasurement services for the\r
input file.\r
@param[in] AuthenticationStatus This is the authentication status returned\r
from the securitymeasurement services for the\r
input file.\r
EFIAPI\r
DxeTpm2MeasureBootHandler (\r
IN UINT32 AuthenticationStatus,\r
EFIAPI\r
DxeTpm2MeasureBootHandler (\r
IN UINT32 AuthenticationStatus,\r
- IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL\r
IN VOID *FileBuffer,\r
IN UINTN FileSize,\r
IN BOOLEAN BootPolicy\r
IN VOID *FileBuffer,\r
IN UINTN FileSize,\r
IN BOOLEAN BootPolicy\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
- //\r
- // Check for invalid parameters.\r
- //\r
- if (File == NULL) {\r
- return EFI_ACCESS_DENIED;\r
- }\r
-\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
//\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
//\r
//\r
Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
//\r
Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ Status = EFI_ACCESS_DENIED;\r
+ }\r
+\r
//\r
// The information can't be got from the invalid PeImage\r
//\r
//\r
// The information can't be got from the invalid PeImage\r
//\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
- If File is NULL, then EFI_ACCESS_DENIED is returned.\r
-\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
+ If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.\r
+\r
@param[in] AuthenticationStatus This is the authentication status returned\r
from the securitymeasurement services for the\r
input file.\r
@param[in] AuthenticationStatus This is the authentication status returned\r
from the securitymeasurement services for the\r
input file.\r
EFIAPI\r
DxeTpmMeasureBootHandler (\r
IN UINT32 AuthenticationStatus,\r
EFIAPI\r
DxeTpmMeasureBootHandler (\r
IN UINT32 AuthenticationStatus,\r
- IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL\r
IN VOID *FileBuffer,\r
IN UINTN FileSize,\r
IN BOOLEAN BootPolicy\r
IN VOID *FileBuffer,\r
IN UINTN FileSize,\r
IN BOOLEAN BootPolicy\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
- //\r
- // Check for invalid parameters.\r
- //\r
- if (File == NULL) {\r
- return EFI_ACCESS_DENIED;\r
- }\r
-\r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
//\r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
//\r
//\r
Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
//\r
Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
//\r
// The information can't be got from the invalid PeImage\r
//\r
//\r
// The information can't be got from the invalid PeImage\r
//\r