[PATCH v2 2/3] efi_loader: check tcg2 protocol installation outside the TCG protocol

Thu Dec 9 16:48:09 CET 2021

On Tue, 7 Dec 2021 at 07:11, Masahisa Kojima <masahisa.kojima at linaro.org> wrote:
>
> There are functions that calls tcg2_agile_log_append() outside
> of the TCG protocol invocation (e.g tcg2_measure_pe_image).
> These functions must to check that TCG2 protocol is installed.
> If not, measurement shall be skipped.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
>
> No update since v1
>
>  lib/efi_loader/efi_tcg2.c | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
>
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index bdfd9a37b5..59bce85028 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -972,6 +972,9 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
>         IMAGE_NT_HEADERS32 *nt;
>         struct efi_handler *handler;
>
> +       if (!is_tcg2_protocol_installed())
> +               return EFI_SUCCESS;
> +
>         ret = platform_get_tpm2_device(&dev);
>         if (ret != EFI_SUCCESS)
>                 return ret;
> @@ -2189,6 +2192,9 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha
>         u32 event = 0;
>         struct smbios_entry *entry;
>
> +       if (!is_tcg2_protocol_installed())
> +               return EFI_SUCCESS;
> +
>         if (tcg2_efi_app_invoked)
>                 return EFI_SUCCESS;
>
> @@ -2239,6 +2245,9 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void)
>         efi_status_t ret;
>         struct udevice *dev;
>
> +       if (!is_tcg2_protocol_installed())
> +               return EFI_SUCCESS;
> +
>         ret = platform_get_tpm2_device(&dev);
>         if (ret != EFI_SUCCESS)
>                 return ret;
> @@ -2264,6 +2273,12 @@ efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
>         EFI_ENTRY("%p, %p", event, context);
>
>         event_log.ebs_called = true;
> +
> +       if (!is_tcg2_protocol_installed()) {
> +               ret = EFI_SUCCESS;
> +               goto out;
> +       }
> +
>         ret = platform_get_tpm2_device(&dev);
>         if (ret != EFI_SUCCESS)
>                 goto out;
> @@ -2293,6 +2308,9 @@ efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
>         struct udevice *dev;
>         efi_status_t ret;
>
> +       if (!is_tcg2_protocol_installed())
> +               return EFI_SUCCESS;
> +
>         ret = platform_get_tpm2_device(&dev);
>         if (ret != EFI_SUCCESS)
>                 goto out;
> --
> 2.17.1
>

Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>