MdeModulePkg: Variable: Update DBT PCR[7] measure
authorZhang, Chao B <chao.b.zhang@intel.com>
Fri, 3 Mar 2017 05:59:57 +0000 (13:59 +0800)
committerZhang, Chao B <chao.b.zhang@intel.com>
Mon, 6 Mar 2017 01:58:58 +0000 (09:58 +0800)
Measure DBT into PCR[7] when it is updated between initial measure,
if present and not empty, following TCG PC Client PFP 00.49.
The previous patch for the PCR[7] DBT part is overridden.
dc9bd6ed281fcba5358f3004632bdbda968be1e5

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c

index 0f1cb18bac95bf04c7944ee47e8f4f2d1b266405..936b5b00a3f3bc05409f7b25aa492e739b0a5b5e 100644 (file)
@@ -242,8 +242,17 @@ SecureBootHook (
              &VariableDataSize\r
              );\r
   if (EFI_ERROR (Status)) {\r
-    VariableData     = NULL;\r
-    VariableDataSize = 0;\r
+    //\r
+    // Measure DBT only if present and not empty\r
+    //\r
+    if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&\r
+        CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) {\r
+      DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));\r
+      return;\r
+    } else {\r
+      VariableData     = NULL;\r
+      VariableDataSize = 0;\r
+    }\r
   }\r
 \r
   Status = MeasureVariable (\r
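Review bot: The early `return` in the added DBT branch is taken for any error status from the variable read, not only when the variable is absent, although the debug message says it was deleted. If that read can fail for another reason (the call starts above the hunk, so its failure codes are not visible here), a DBT update would be left out of PCR[7] with only an INFO-level trace, and the measured state would no longer match the authorization database actually in use. Consider narrowing the skip to the absent case, `if (Status == EFI_NOT_FOUND && StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&`, and reporting any other failure at `DEBUG_ERROR` rather than treating it as a deletion. SecureBootHook's body begins and ends outside the hunk.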