[edk2-devel] [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V

Wang, Jian J jian.j.wang at intel.com
Thu Oct 28 07:59:39 UTC 2021 

Reviewed-by: Jian J Wang <jian.j.wang at intel.com>

Regards,
Jian

> -----Original Message-----
> From: Jiang, Guomin <guomin.jiang at intel.com>
> Sent: Friday, October 15, 2021 12:31 PM
> To: devel at edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao at intel.com>; Wang, Jian J <jian.j.wang at intel.com>
> Subject: [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to allow
> neither M nor V
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2673
> 
> M mean that Measured Boot, V mean that Verified Boot.
> 
> The FvReport do below:
> 1. Do nothing if neither M nor V
> 2. Allocate pages to save the firmware volume and use it to install
>    firmware info Ppi
> 3. Install PreHashFv Ppi if the FV need measurement.
> 4. Verify the Hash if the FV need verification
> 
> Notes:
> 1. The component is used to verify the FV or measure the FV
> 2. Copy action is just for security purpose but not main purpose.
> 3. If you use this component, Doesn't need to copy in other compoent
>    which result time consumption.
> 
> Signed-off-by: Guomin Jiang <guomin.jiang at intel.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> ---
>  SecurityPkg/FvReportPei/FvReportPei.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/SecurityPkg/FvReportPei/FvReportPei.c
> b/SecurityPkg/FvReportPei/FvReportPei.c
> index 9f3ebd8ed174..6dce3298e3a2 100644
> --- a/SecurityPkg/FvReportPei/FvReportPei.c
> +++ b/SecurityPkg/FvReportPei/FvReportPei.c
> @@ -150,10 +150,12 @@ VerifyHashedFv (
>    FvHashValue = HashValue;
>    for (FvIndex = 0; FvIndex < FvNumber; ++FvIndex) {
>      //
> -    // FV must be meant for verified boot and/or measured boot.
> +    // Not meant for verified boot and/or measured boot?
>      //
> -    ASSERT ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) != 0 ||
> -            (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) != 0);
> +    if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 &&
> +          (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) {
> +      continue;
> +    }
> 
>      //
>      // Skip any FV not meant for current boot mode.
> --
> 2.30.0.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82799): https://edk2.groups.io/g/devel/message/82799
Mute This Topic: https://groups.io/mt/86332350/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list