Discussion:
[edk2] [Patch] SecurityPkg: Fix wrong cert data measurement in DBX path
Zhang, Chao B
2015-06-09 02:10:50 UTC
Permalink
Fix wrong cert data measurement when image is rejected by DBX

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 9a61723..d7e286b 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1294,7 +1294,7 @@ IsForbiddenByDbx (
mImageDigestSize
);
if (IsForbidden) {
- SecureBootHook (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
+ SecureBootHook (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, CertData);
goto Done;
}
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
Long, Qin
2015-06-09 04:53:16 UTC
Permalink
The fix looks good.

Reviewed-by: Long, Qin <***@intel.com>

-----Original Message-----
From: Zhang, Chao B
Sent: Tuesday, June 09, 2015 10:11 AM
To: Long, Qin
Cc: edk2-***@lists.sourceforge.net; Zhang, Chao B
Subject: [Patch] SecurityPkg: Fix wrong cert data measurement in DBX path

Fix wrong cert data measurement when image is rejected by DBX

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 9a61723..d7e286b 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1294,7 +1294,7 @@ IsForbiddenByDbx (
mImageDigestSize
);
if (IsForbidden) {
- SecureBootHook (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
+ SecureBootHook (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, CertData);
goto Done;
}
--
1.9.5.msysgit.1


------------------------------------------------------------------------------
Loading...