From nobody Mon Feb  9 08:56:12 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12
 as permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+57455+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+57455+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1587022439; cv=none;
	d=zohomail.com; s=zohoarc;
	b=hgvLzfBBJg9ZOab+UCCUsMJ9L/mJ3uWrAE8LsDxFKUpHMfactaR9ne6WVYmtFu1+FRLj9F6AamidO2Tr6gfbW9o7bZtVY48E5/06AkTIErzzcaI1HKiRZovunuKDKtAYJwgDA4poybNu6cp/GBmeqp9LQem5rBOqwG6ufSuZBTU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1587022439;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=zQbJmV/6WVOudSnmy5J1s3q079I2dPmfelgyKHdopQw=;
	b=kyCEauP+nd2ZK1zhGpfZnID4Id/Bybj3lGETxRqhhw4Uc21qbS0d8WmvbCHFErtYvA6XasUZ81MxzkiXk/s2FXR6kBkRlVeyo9gP4hQans6SGgMN4lF7HPhq/xEMjNHQb2lMmuKumrywE2BAyLzwj81S5MQNrH/K1H+k4olyuaA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as
 permitted sender)
  smtp.mailfrom=bounce+27952+57455+1787277+3901457@groups.io;
	dmarc=fail header.from=<guomin.jiang@intel.com> (p=none dis=none)
 header.from=<guomin.jiang@intel.com>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 158702243922095.1507015475836;
 Thu, 16 Apr 2020 00:33:59 -0700 (PDT)
Return-Path: <bounce+27952+57455+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id CQUkYY1788612xm8RXvHpTaf;
 Thu, 16 Apr 2020 00:33:58 -0700
X-Received: from mga14.intel.com (mga14.intel.com [])
 by mx.groups.io with SMTP id smtpd.web12.2209.1587022437519145375
 for <devel@edk2.groups.io>;
 Thu, 16 Apr 2020 00:33:58 -0700
IronPort-SDR: 
 6/1b3GiGrkCnmqUV+rdb90SS6CROlCVppw9l71gDutwqUKj7N0CGKAq89dZ0owe+UUkiD2ZZiR
 Enk8ltPeujZQ==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Apr 2020 00:33:57 -0700
IronPort-SDR: 
 ggD/5/h/AMJVC+EfwULmFmTMFh3skqG6rNd8xOw0wF47vo4OI8kEVDXATpd+E1pWNQtt/Uwxf2
 OLjG581/mm6w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,390,1580803200";
   d="scan'208";a="288803532"
X-Received: from guominji-mobl.ccr.corp.intel.com ([10.238.5.173])
  by fmsmga002.fm.intel.com with ESMTP; 16 Apr 2020 00:33:56 -0700
From: "Guomin Jiang" <guomin.jiang@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [edk2-devel] [PATCH v2 1/6] SecurityPkg/TPM: measure UEFI images
 without associated device paths again
Date: Thu, 16 Apr 2020 15:33:49 +0800
Message-Id: <20200416073354.2232-2-guomin.jiang@intel.com>
In-Reply-To: <20200416073354.2232-1-guomin.jiang@intel.com>
References: <20200416073354.2232-1-guomin.jiang@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,guomin.jiang@intel.com
X-Gm-Message-State: KBLBu9u4xjcUS390qBb5vyQTx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1587022438;
 bh=peVqbOAWsQdQx5vsZ5zNagj0pCilKBq+0KSay7dw3YA=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=s+j1afx0NOBic4hNXwOYuxS/MrLUfplYYE2ma0+ST79bmo9Cs4YTIPclZVF6yPyjp2+
 qEap9Vr5pTMzxXLhmUhenTCS5Pwz8JBKYkCIVd6J+V/sK06RyS1k07DE+fYo4aq2eP1DA
 78EELfgdbrl16QHHaf4jC3HXdzULj2tSXPg=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Type: text/plain; charset="utf-8"

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2652

DxeTpm2MeasureBootHandler() and DxeTpmMeasureBootHandler() functions may
receive a FileBuffer argument that is not associated with any particular
device path (e.g., because the UEFI image has not been loaded from any
particular device path).
Therefore rejecting (File=3D=3DNULL) at the top of the function is invalid.

Fixes: 4b026f0d5af36faf3a3629a3ad49c51b5b3be12f

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
---
 .../DxeTpm2MeasureBootLib.c                   | 20 +++++++++----------
 .../DxeTpmMeasureBootLib.c                    | 20 +++++++++----------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLi=
b.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
index f0e95e5ec0..92eac71580 100644
--- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
@@ -384,8 +384,6 @@ Finish:
   and other exception operations.  The File parameter allows for possible =
logging
   within the SAP of the driver.
=20
-  If File is NULL, then EFI_ACCESS_DENIED is returned.
-
   If the file specified by File with an authentication status specified by
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS i=
s returned.
=20
@@ -398,6 +396,8 @@ Finish:
   might be possible to use it at a future time, then EFI_SECURITY_VIOLATIO=
N is
   returned.
=20
+  If check image specified by FileBuffer and File is NULL meanwhile, retur=
n EFI_ACCESS_DENIED.
+
   @param[in]      AuthenticationStatus  This is the authentication status =
returned
                                         from the securitymeasurement servi=
ces for the
                                         input file.
@@ -416,7 +416,7 @@ EFI_STATUS
 EFIAPI
 DxeTpm2MeasureBootHandler (
   IN  UINT32                           AuthenticationStatus,
-  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
   IN  VOID                             *FileBuffer,
   IN  UINTN                            FileSize,
   IN  BOOLEAN                          BootPolicy
@@ -435,13 +435,6 @@ DxeTpm2MeasureBootHandler (
   EFI_PHYSICAL_ADDRESS                FvAddress;
   UINT32                              Index;
=20
-  //
-  // Check for invalid parameters.
-  //
-  if (File =3D=3D NULL) {
-    return EFI_ACCESS_DENIED;
-  }
-
   Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &=
Tcg2Protocol);
   if (EFI_ERROR (Status)) {
     //
@@ -615,6 +608,13 @@ DxeTpm2MeasureBootHandler (
   //
   Status =3D PeCoffLoaderGetImageInfo (&ImageContext);
   if (EFI_ERROR (Status)) {
+    //
+    // Check for invalid parameters.
+    //
+    if (File =3D=3D NULL) {
+      Status =3D EFI_ACCESS_DENIED;
+    }
+
     //
     // The information can't be got from the invalid PeImage
     //
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.=
c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index d499371e7a..d990eb2ad3 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -678,8 +678,6 @@ Finish:
   and other exception operations.  The File parameter allows for possible =
logging
   within the SAP of the driver.
=20
-  If File is NULL, then EFI_ACCESS_DENIED is returned.
-
   If the file specified by File with an authentication status specified by
   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS i=
s returned.
=20
@@ -692,6 +690,8 @@ Finish:
   might be possible to use it at a future time, then EFI_SECURITY_VIOLATIO=
N is
   returned.
=20
+  If check image specified by FileBuffer and File is NULL meanwhile, retur=
n EFI_ACCESS_DENIED.
+
   @param[in]      AuthenticationStatus  This is the authentication status =
returned
                                         from the securitymeasurement servi=
ces for the
                                         input file.
@@ -710,7 +710,7 @@ EFI_STATUS
 EFIAPI
 DxeTpmMeasureBootHandler (
   IN  UINT32                           AuthenticationStatus,
-  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
   IN  VOID                             *FileBuffer,
   IN  UINTN                            FileSize,
   IN  BOOLEAN                          BootPolicy
@@ -732,13 +732,6 @@ DxeTpmMeasureBootHandler (
   EFI_PHYSICAL_ADDRESS                FvAddress;
   UINT32                              Index;
=20
-  //
-  // Check for invalid parameters.
-  //
-  if (File =3D=3D NULL) {
-    return EFI_ACCESS_DENIED;
-  }
-
   Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &T=
cgProtocol);
   if (EFI_ERROR (Status)) {
     //
@@ -912,6 +905,13 @@ DxeTpmMeasureBootHandler (
   //
   Status =3D PeCoffLoaderGetImageInfo (&ImageContext);
   if (EFI_ERROR (Status)) {
+    //
+    // Check for invalid parameters.
+    //
+    if (File =3D=3D NULL) {
+      return EFI_ACCESS_DENIED;
+    }
+
     //
     // The information can't be got from the invalid PeImage
     //
--=20
2.25.1.windows.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#57455): https://edk2.groups.io/g/devel/message/57455
Mute This Topic: https://groups.io/mt/73050532/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-