The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers
are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype
can not return EFI_INVALID_PARAMETER.
The prototype documentation states it returns EFI_ACCESS_DENIED if:
"The file specified by File and FileBuffer did not authenticate,
and the platform policy dictates that the DXE Foundation may not
use File."
Correct the documentation, and add a early check, returning
EFI_ACCESS_DENIED when File is NULL.
Noticed while reviewing commit
6d57592740cdd0b6868baeef7929d6e6fef.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
- If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+ If File is NULL, then EFI_ACCESS_DENIED is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);\r
if (EFI_ERROR (Status)) {\r
//\r
and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
- If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+ If File is NULL, then EFI_ACCESS_DENIED is returned.\r
\r
If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ return EFI_ACCESS_DENIED;\r
+ }\r
+\r
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
if (EFI_ERROR (Status)) {\r
//\r