]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api
authorMasahisa Kojima <masahisa.kojima@linaro.org>
Fri, 3 Sep 2021 01:55:50 +0000 (10:55 +0900)
committerHeinrich Schuchardt <xypron.glpk@gmx.de>
Sat, 4 Sep 2021 10:03:57 +0000 (12:03 +0200)
TCG EFI Protocol Specification defines the required parameter
checking and return value for each API.
This commit adds the missing parameter check and
fixes the wrong return value to comply the specification.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
lib/efi_loader/efi_tcg2.c

index 35e69b911290aea8995d826fae54c48a108f9e58..c4e9f61fd6d6b20bc3872d92cd955f650c1a7d13 100644 (file)
@@ -708,6 +708,18 @@ efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
        EFI_ENTRY("%p, %u, %p, %p,  %p", this, log_format, event_log_location,
                  event_log_last_entry, event_log_truncated);
 
+       if (!this || !event_log_location || !event_log_last_entry ||
+           !event_log_truncated) {
+               ret = EFI_INVALID_PARAMETER;
+               goto out;
+       }
+
+       /* Only support TPMV2 */
+       if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) {
+               ret = EFI_INVALID_PARAMETER;
+               goto out;
+       }
+
        ret = platform_get_tpm2_device(&dev);
        if (ret != EFI_SUCCESS) {
                event_log_location = NULL;
@@ -965,6 +977,7 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
                                   data_to_hash_len, (void **)&nt);
                if (ret != EFI_SUCCESS) {
                        log_err("Not a valid PE-COFF file\n");
+                       ret = EFI_UNSUPPORTED;
                        goto out;
                }
                ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash,
@@ -1038,9 +1051,15 @@ efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
 {
        efi_status_t ret;
 
+       if (!this || !active_pcr_banks) {
+               ret = EFI_INVALID_PARAMETER;
+               goto out;
+       }
+
        EFI_ENTRY("%p, %p", this, active_pcr_banks);
        ret = __get_active_pcr_banks(active_pcr_banks);
 
+out:
        return EFI_EXIT(ret);
 }