Discussion:
[edk2] [PATCH] SecurityPkg: Change BootOrder/Boot#### measure behavior
Zhang, Chao B
2015-07-14 07:51:21 UTC
Change the EV_EFI_VARIABLE_BOOT measurement behavior: include VarName and VarGuid in the data that is hashed and extended into the PCR.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 4 ++--
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 28 ++++++++--------------------
2 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index f15e943..4b9afe3 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -959,8 +959,8 @@ MeasureVariable (

Status = TcgDxeHashLogExtendEventI (
&mTcgDxeData,
- (UINT8*)VarData,
- VarSize,
+ (UINT8*)VarLog,
+ TcgEvent.EventSize,
&TcgEvent,
(UINT8*)VarLog
);
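Review bot: As far as this hunk shows, the call is not guarded by any check on the event type, so the digest input changes for every event that reaches this point in MeasureVariable, not only EV_EFI_VARIABLE_BOOT as the commit message states. The function starts and ends outside the hunk, so an event-type branch elsewhere cannot be ruled out. The extended value now covers the same bytes that are logged (`VarLog`, `TcgEvent.EventSize`), which lets a verifier recompute the digest from the event log alone; that is worth a comment above the call, e.g. `// Digest is the whole event data (VarLog), not only VarData`. Because the digest changes, PCR values for the affected events will presumably differ after a firmware update, here and in the TrEEDxe.c hunk, so the commit log should warn that sealed data and attestation reference values bound to those PCRs need re-provisioning.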
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
index 6126bd8..582f09f 100644
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
@@ -1206,26 +1206,14 @@ MeasureVariable (
);
}

- if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {
- //
- // Digest is the event data (EFI_VARIABLE_DATA_TREE)
- //
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)VarLog,
- TcgEvent.EventSize,
- &TcgEvent,
- (UINT8*)VarLog
- );
- } else {
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)VarData,
- VarSize,
- &TcgEvent,
- (UINT8*)VarLog
- );
- }
+ Status = TcgDxeHashLogExtendEvent (
+ 0,
+ (UINT8*)VarLog,
+ TcgEvent.EventSize,
+ &TcgEvent,
+ (UINT8*)VarLog
+ );
+
FreePool (VarLog);
return Status;
}
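Review bot: The removed EV_EFI_VARIABLE_DRIVER_CONFIG branch carried the only comment saying what is digested, and the merged call at the end of MeasureVariable has none. Keep it on the new call and widen it, e.g. `// Digest is the event data (EFI_VARIABLE_DATA_TREE) for all variable event types`. The call now hashes `TcgEvent.EventSize` bytes starting at `VarLog` for every event type, and both the allocation of `VarLog` and the assignment of `EventSize` lie outside the hunk. It is worth confirming that the two are derived from the same size expression, so the hash never reads past the buffer.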
--
1.9.5.msysgit.1
Long, Qin
2015-07-14 08:18:32 UTC
The patch looks good.

I would also prefer to update the commit log to:
"Correct the variable measurement behavior to include whole EFI_VARIABLE_DATA structure, for the latest specification compliance."

Reviewed-by: Qin Long <***@intel.com>


Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: Zhang, Chao B
Sent: Tuesday, July 14, 2015 3:51 PM
To: edk2-***@lists.sourceforge.net
Cc: Long, Qin; Zhang, Chao B
Subject: [PATCH] SecurityPkg: Change BootOrder/Boot#### measure behavior

Change EV_EFI_VARIABLE_BOOT measure behavior. Include VarName, VarGuid to hash extend to PCR

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <***@intel.com>
---
SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 4 ++--
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 28 ++++++++--------------------
2 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index f15e943..4b9afe3 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -959,8 +959,8 @@ MeasureVariable (

Status = TcgDxeHashLogExtendEventI (
&mTcgDxeData,
- (UINT8*)VarData,
- VarSize,
+ (UINT8*)VarLog,
+ TcgEvent.EventSize,
&TcgEvent,
(UINT8*)VarLog
);
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
index 6126bd8..582f09f 100644
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
@@ -1206,26 +1206,14 @@ MeasureVariable (
);
}

- if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {
- //
- // Digest is the event data (EFI_VARIABLE_DATA_TREE)
- //
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)VarLog,
- TcgEvent.EventSize,
- &TcgEvent,
- (UINT8*)VarLog
- );
- } else {
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)VarData,
- VarSize,
- &TcgEvent,
- (UINT8*)VarLog
- );
- }
+ Status = TcgDxeHashLogExtendEvent (
+ 0,
+ (UINT8*)VarLog,
+ TcgEvent.EventSize,
+ &TcgEvent,
+ (UINT8*)VarLog
+ );
+
FreePool (VarLog);
return Status;
}
--
1.9.5.msysgit.1
