MdeModulePkg: Variable: Update DBT PCR[7] measure

Measure DBT into PCR[7] when it is updated between initial measure if present and not empty. by following TCG PC Client PFP 00.49 Previous patch for PCR[7] DBT part is overrode. dc9bd6ed281fcba5358f3004632bdbda968be1e5 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2025-04-08 17:05:09 +02:00 · 2017-03-03 13:59:57 +08:00 · 2017-03-03 13:59:57 +08:00 · 588bb5ae52
commit 588bb5ae52
parent 400b0940c8
1 changed files with 11 additions and 2 deletions
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
@ -242,8 +242,17 @@ SecureBootHook (
             &VariableDataSize
             );
  if (EFI_ERROR (Status)) {
-    VariableData     = NULL;
-    VariableDataSize = 0;
+    //
+    // Measure DBT only if present and not empty
+    //
+    if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&
+        CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) {
+      DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
+      return;
+    } else {
+      VariableData     = NULL;
+      VariableDataSize = 0;
+    }
  }

  Status = MeasureVariable (