diff options
| author | Leif Lindholm <leif.lindholm@linaro.org> | 2013-06-19 11:07:03 +0100 |
|---|---|---|
| committer | Leif Lindholm <leif.lindholm@linaro.org> | 2013-06-19 11:07:03 +0100 |
| commit | 4a21c40a5f30d67cdf876bc50f48abd37d9eea68 (patch) | |
| tree | 49f9dd09a6ad18c45a9c1a5b9eca633a6f1a9f32 /SecurityPkg/Library | |
| parent | 4cbfd417d24602d2d9c05cc5693a6e6087d1c96d (diff) | |
| parent | 162fed6be629c847e162462331565e9204e47fa2 (diff) | |
Merging linaro-tracking-2013.06 into linaro-releaselinaro-uefi-2013.06
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Diffstat (limited to 'SecurityPkg/Library')
3 files changed, 10 insertions, 63 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 5bc29cf145..9e4bf8681b 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1348,53 +1348,6 @@ Done: }
/**
- When VariableWriteArchProtocol install, create "SecureBoot" variable.
-
- @param[in] Event Event whose notification function is being invoked.
- @param[in] Context Pointer to the notification function's context.
-
-**/
-VOID
-EFIAPI
-VariableWriteCallBack (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- UINT8 SecureBootMode;
- UINT8 *SecureBootModePtr;
- EFI_STATUS Status;
- VOID *ProtocolPointer;
-
- Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);
- if (EFI_ERROR (Status)) {
- return;
- }
-
- //
- // Check whether "SecureBoot" variable exists.
- // If this library is built-in, it means firmware has capability to perform
- // driver signing verification.
- //
- GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);
- if (SecureBootModePtr == NULL) {
- SecureBootMode = SECURE_BOOT_MODE_DISABLE;
- //
- // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
- //
- gRT->SetVariable (
- EFI_SECURE_BOOT_MODE_NAME,
- &gEfiGlobalVariableGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- sizeof (UINT8),
- &SecureBootMode
- );
- } else {
- FreePool (SecureBootModePtr);
- }
-}
-
-/**
Register security measurement handler.
@param ImageHandle ImageHandle of the loaded driver.
@@ -1409,19 +1362,6 @@ DxeImageVerificationLibConstructor ( IN EFI_SYSTEM_TABLE *SystemTable
)
{
- VOID *Registration;
-
- //
- // Register callback function upon VariableWriteArchProtocol.
- //
- EfiCreateProtocolNotifyEvent (
- &gEfiVariableWriteArchProtocolGuid,
- TPL_CALLBACK,
- VariableWriteCallBack,
- NULL,
- &Registration
- );
-
return RegisterSecurity2Handler (
DxeImageVerificationHandler,
EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf index dd03b0bf8a..0c6ab968f0 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf @@ -7,7 +7,7 @@ # This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -59,7 +59,6 @@ gEfiFirmwareVolume2ProtocolGuid
gEfiBlockIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid
- gEfiVariableWriteArchProtocolGuid
[Guids]
gEfiCertTypeRsa2048Sha256Guid
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index eae68eab6b..665e4b6c80 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -15,7 +15,7 @@ TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse
partition data carefully.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -664,6 +664,14 @@ TcgMeasurePeImage ( &EventNumber,
&EventLogLastEntry
);
+ if (Status == EFI_OUT_OF_RESOURCES) {
+ //
+ // Out of resource here means the image is hashed and its result is extended to PCR.
+ // But the event log cann't be saved since log area is full.
+ // Just return EFI_SUCCESS in order not to block the image load.
+ //
+ Status = EFI_SUCCESS;
+ }
Finish:
FreePool (TcgEvent);
|