[edk2-devel] [PATCH 00/11] SecurityPkg/DxeImageVerificationHandler: fix retval for "deny" policy
Laszlo Ersek
lersek at redhat.com
Fri Jan 31 10:01:41 UTC 2020
On 01/31/20 10:28, Laszlo Ersek wrote:
> Hi Mike,
>
> On 01/31/20 09:12, Laszlo Ersek wrote:
>
>> So let me push this series as-is for TianoCore#2129, with your R-b
>> applied.
>
> My pull request (with the "push" label set) seems to have stalled. The
> checks have passed (twice -- I closed and reopened the PR once, to
> re-trigger mergify), but the branch is not being merged.
>
> https://github.com/tianocore/edk2/pull/324
BTW, here are the changes between the posted & reviewed series, and the
pull request:
- I had to replace an EFI_D_INFO macro with DEBUG_INFO, due to
checkpatch complaints. (The macro is not introduced anew, it is
touched only by un-indenting.)
- Normal administrativa (picked up R-b tags and Message-Id's, and noted
Mike substituting for the SecurityPkg reviewers during the CNY
holidays)
See the git-range-diff output after my sig.
Thanks,
Laszlo
1: 71155b00b2b7 ! 1: 4c8cd26ce423 SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
@@ -19,6 +19,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-2-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
2: 9ad18d2e3adb ! 2: f04114b6d6b2 SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
@@ -45,6 +45,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-3-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
3: e211153f9a32 ! 3: da0e0dfc67c4 SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal
@@ -35,6 +35,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-4-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
4: 3ad36b80defa ! 4: d930abc95422 SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
@@ -26,6 +26,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-5-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
5: 379ac43e909b ! 5: 91b24a413440 SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure
@@ -21,6 +21,11 @@
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-6-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
6: c53a99ceb9f2 ! 6: 937d1c73965e SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting
@@ -13,6 +13,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-7-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
7: c259648bbb30 ! 7: be0040ffa6cf SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call
@@ -20,6 +20,12 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-8-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: replace EFI_D_INFO w/ DEBUG_INFO for PatchCheck.py]
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -101,7 +107,7 @@
+ NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
+ AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
+ if (NameStr != NULL) {
-+ DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
++ DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
+ FreePool(NameStr);
}
+ Status = EFI_SECURITY_VIOLATION;
8: ca43b52bbd96 ! 8: feffd6bfd886 SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable
@@ -17,6 +17,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-9-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -38,7 +43,7 @@
@@
- DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
+ DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
FreePool(NameStr);
}
- Status = EFI_SECURITY_VIOLATION;
9: 22edc076c210 ! 9: 116742d3de8f SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
@@ -21,6 +21,11 @@
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-10-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
10: e0b5e3b25eff ! 10: b73c1a576b78 SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail
@@ -28,6 +28,11 @@
Cc: Jiewen Yao <jiewen.yao at intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-11-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
11: 60363427926f ! 11: 1493b3ebadca SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies
@@ -37,6 +37,11 @@
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 5db28a6753d307cdfb1cfdeb2f63739a9f959837
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
+ Message-Id: <20200116190705.18816-12-lersek at redhat.com>
+ Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
+ [lersek at redhat.com: push with Mike's R-b due to Chinese New Year
+ Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
+ <d3fbb76dabed4e1987c512c328c82810 at intel.com>]
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#53602): https://edk2.groups.io/g/devel/message/53602
Mute This Topic: https://groups.io/mt/69752218/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list