[edk2-devel] [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V

Guomin Jiang guomin.jiang at intel.com
Fri Oct 15 04:31:01 UTC 2021 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2673

M mean that Measured Boot, V mean that Verified Boot.

The FvReport do below:
1. Do nothing if neither M nor V
2. Allocate pages to save the firmware volume and use it to install
   firmware info Ppi
3. Install PreHashFv Ppi if the FV need measurement.
4. Verify the Hash if the FV need verification

Notes:
1. The component is used to verify the FV or measure the FV
2. Copy action is just for security purpose but not main purpose.
3. If you use this component, Doesn't need to copy in other compoent
   which result time consumption.

Signed-off-by: Guomin Jiang <guomin.jiang at intel.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
---
 SecurityPkg/FvReportPei/FvReportPei.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c
index 9f3ebd8ed174..6dce3298e3a2 100644
--- a/SecurityPkg/FvReportPei/FvReportPei.c
+++ b/SecurityPkg/FvReportPei/FvReportPei.c
@@ -150,10 +150,12 @@ VerifyHashedFv (
   FvHashValue = HashValue;
   for (FvIndex = 0; FvIndex < FvNumber; ++FvIndex) {
     //
-    // FV must be meant for verified boot and/or measured boot.
+    // Not meant for verified boot and/or measured boot?
     //
-    ASSERT ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) != 0 ||
-            (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) != 0);
+    if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 &&
+          (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) {
+      continue;
+    }
 
     //
     // Skip any FV not meant for current boot mode.
-- 
2.30.0.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82082): https://edk2.groups.io/g/devel/message/82082
Mute This Topic: https://groups.io/mt/86332350/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list