The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers
are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype
can not return EFI_INVALID_PARAMETER.
The prototype documentation states it returns EFI_ACCESS_DENIED if:
"The file specified by File and FileBuffer did not authenticate,
and the platform policy dictates that the DXE Foundation may not
use File."
Correct the documentation, and add a early check, returning
EFI_ACCESS_DENIED when File is NULL.
Noticed while reviewing commit
6d57592740cdd0b6868baeef7929d6e6fef.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
- If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+ If File is NULL, then EFI_ACCESS_DENIED is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
//\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
//\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
- If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+ If File is NULL, then EFI_ACCESS_DENIED is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
//\r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
//\r