From: Zhang, Chao B Date: Fri, 3 Mar 2017 05:59:57 +0000 (+0800) Subject: MdeModulePkg: Variable: Update DBT PCR[7] measure X-Git-Tag: edk2-stable201903~4490 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=588bb5ae52edc99aef6fcb68c31ce0882f0e5c3c;hp=400b0940c8295f4cba44da3fa3e589f663f60de2 MdeModulePkg: Variable: Update DBT PCR[7] measure Measure DBT into PCR[7] when it is updated between initial measure if present and not empty. by following TCG PC Client PFP 00.49 Previous patch for PCR[7] DBT part is overrode. dc9bd6ed281fcba5358f3004632bdbda968be1e5 Cc: Star Zeng Cc: Yao Jiewen Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Star Zeng Reviewed-by: Yao Jiewen
---
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
index 0f1cb18bac..936b5b00a3 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
@@ -242,8 +242,17 @@ SecureBootHook (
 &VariableDataSize
 );
 if (EFI_ERROR (Status)) {
- VariableData = NULL;
- VariableDataSize = 0;
+ //
+ // Measure DBT only if present and not empty
+ //
+ if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&
+ CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) {
+ DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
+ return;
+ } else {
+ VariableData = NULL;
+ VariableDataSize = 0;
+ }
 }
 
 Status = MeasureVariable (
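Review bot: The new dbt branch inside `if (EFI_ERROR (Status))` returns without measuring on any error status, although the comment and the debug message both assume the variable was deleted. The call that sets `Status` starts above the hunk, so this is inferred: if that read can fail for another reason (a resource or storage error, say), a dbt update would leave no PCR[7] event, and a verifier replaying the log could not tell that case from a real deletion. Consider limiting the skip to the not-found case, `if (Status == EFI_NOT_FOUND && StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&`, and printing the status with `%r` in the DEBUG message so a skipped measurement can be diagnosed. SecureBootHook begins and ends outside the hunk.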