From b68d6a626977f48ac4d05396edcb70a73b12c66c Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 31 Jan 2020 12:42:45 +0100
Subject: [PATCH 09/12] SecurityPkg/DxeImageVerificationHandler: eliminate
"Status" variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200131124248.22369-10-lersek@redhat.com>
Patchwork-id: 93619
O-Subject: [RHEL-8.2.0 edk2 PATCH 09/12] SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable
Bugzilla: 1751993
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
The "Status" variable is set to EFI_ACCESS_DENIED at the top of the
function. Then it is overwritten with EFI_SECURITY_VIOLATION under the
"Failed" (earlier: "Done") label. We finally return "Status".
The above covers the complete usage of "Status" in
DxeImageVerificationHandler(). Remove the variable, and simply return
EFI_SECURITY_VIOLATION in the end.
This patch is a no-op, regarding behavior.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-9-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
(cherry picked from commit fb02f5b2cd0b2a2d413a4f4fc41e085be2ede089)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
.../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 51968bd..b49fe87 100644
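--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1560,7 +1560,6 @@ DxeImageVerificationHandler (
 IN BOOLEAN BootPolicy
 )
 {
- EFI_STATUS Status;
 EFI_IMAGE_DOS_HEADER *DosHdr;
 BOOLEAN IsVerified;
 EFI_SIGNATURE_LIST *SignatureList;
@@ -1588,7 +1587,6 @@ DxeImageVerificationHandler (
 SecDataDir = NULL;
 PkcsCertData = NULL;
 Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
- Status = EFI_ACCESS_DENIED;
 IsVerified = FALSE;
 
 
@@ -1880,13 +1878,12 @@ Failed:
 DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
 FreePool(NameStr);
 }
- Status = EFI_SECURITY_VIOLATION;
 
 if (SignatureList != NULL) {
 FreePool (SignatureList);
 }
 
- return Status;
+ return EFI_SECURITY_VIOLATION;
 }
 
 /**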
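Review bot: The new `return EFI_SECURITY_VIOLATION;` at the end of the `Failed:` path has no comment, so the exit no longer shows that every rejection reaching this label is reported with the same status. As I understand the security handler contract, the choice between EFI_SECURITY_VIOLATION and EFI_ACCESS_DENIED tells the caller whether a rejected image may still be loaded in an untrusted state or must not be used at all, so the intent is worth stating at the return, e.g. `// Every failure that reaches "Failed" is reported as EFI_SECURITY_VIOLATION; EFI_ACCESS_DENIED is never returned from here.` Whether some rejection paths should return EFI_ACCESS_DENIED instead cannot be judged from these hunks, because the body of DxeImageVerificationHandler() between the initialisation and the label lies outside them.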
--
1.8.3.1