On 11/29/21 14:30, Ilias Apalodimas wrote:
Hi Michal,
On Mon, 29 Nov 2021 at 15:06, Michal Simek <michal.si...@xilinx.com> wrote:
For systems which have TPM support enabled but actual device is missing
there is no reason to show a message that measurement failed.
That's why properly check error code which is returned.
Signed-off-by: Michal Simek <michal.si...@xilinx.com>
---
lib/efi_loader/efi_image_loader.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/efi_loader/efi_image_loader.c
b/lib/efi_loader/efi_image_loader.c
index eb95580538cc..c6a254dc25dd 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -934,8 +934,9 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj
*handle,
#if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL)
/* Measure an PE/COFF image */
- if (tcg2_measure_pe_image(efi, efi_size, handle,
- loaded_image_info))
+ ret = tcg2_measure_pe_image(efi, efi_size, handle,
+ loaded_image_info);
+ if (ret && ret != EFI_NOT_FOUND)
log_err("PE image measurement failed\n");
#endif
Indeed that's needed. Looking at it again though maybe it's better to
add an identical check in tcg2_measure_pe_image() and return
EFI_SUCCESS if platform_get_tpm2_device() returned EFI_NOT_FOUND. The
reason is that other parts of the code return EFI_NOT_FOUND in that
function (e.g efi_search_protocol). So we need to make sure we report
the error in that case.
just like this?
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 8c1f22e3377b..db6e7488b7fb 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -887,8 +887,10 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64
efi_size,
struct efi_handler *handler;
ret = platform_get_tpm2_device(&dev);
- if (ret != EFI_SUCCESS)
+ if (ret != EFI_SUCCESS) {
+ ret = EFI_SUCCESS;
return ret;
+ }
switch (handle->image_type) {
case IMAGE_SUBSYSTEM_EFI_APPLICATION:
M
