From 588bb5ae52edc99aef6fcb68c31ce0882f0e5c3c Mon Sep 17 00:00:00 2001
From: "Zhang, Chao B"
Date: Fri, 3 Mar 2017 13:59:57 +0800
Subject: [PATCH] MdeModulePkg: Variable: Update DBT PCR[7] measure

Measure DBT into PCR[7] when it is updated between initial measure if present and not empty. by following TCG PC Client PFP 00.49 Previous patch for PCR[7] DBT part is overrode. dc9bd6ed281fcba5358f3004632bdbda968be1e5

Cc: Star Zeng
Cc: Yao Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
Reviewed-by: Star Zeng
Reviewed-by: Yao Jiewen
---
 .../Universal/Variable/RuntimeDxe/Measurement.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
index 0f1cb18bac..936b5b00a3 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
@@ -242,8 +242,17 @@ SecureBootHook (
 &VariableDataSize
 );
 if (EFI_ERROR (Status)) {
- VariableData = NULL;
- VariableDataSize = 0;
+ //
+ // Measure DBT only if present and not empty
+ //
+ if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&
+ CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) {
+ DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
+ return;
+ } else {
+ VariableData = NULL;
+ VariableDataSize = 0;
+ }
 }

 Status = MeasureVariable (
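Review bot: The new early `return` for dbt sits under `if (EFI_ERROR (Status))`, so every failure of the preceding read is treated as "deleted", not only a missing variable. The read call starts above the hunk, but if it can fail for another reason (an allocation failure, for example), a dbt update would leave PCR[7] unextended while the log reports a deletion, and a verifier replaying the event log would have no record of the change. Gating the skip on the specific status would keep the two cases apart: `if (Status == EFI_NOT_FOUND && StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0 &&`, with other errors logged at `DEBUG_ERROR` rather than `DEBUG_INFO`. The comment also promises "not empty", yet nothing in the hunk checks `VariableDataSize` on the success path, so either add that check or reword the comment to `// Skip measuring DBT when it has been deleted`. SecureBootHook's body begins and ends outside this hunk.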