Fall-back TPM2 measurement if it fails with PE_COFF_IMAGE flag

Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
author: Tamas K Lengyel <lengyelt@ainfosec.com> 2017-11-08 15:44:56 -0700
committer: Peter Jones <pjones@redhat.com> 2018-03-06 14:42:32 -0500
commit: 571bfc95a662dda966fb236bd95c0c1dbc7e29cc (patch)
tree: d1b251ce6d00e7558a868a72b21b55029840c7ee /tpm.c
parent: ba06a4362d22b41887bb4121694e0562cefa5385 (diff)
download: efi-boot-shim-571bfc95a662dda966fb236bd95c0c1dbc7e29cc.tar.gz
efi-boot-shim-571bfc95a662dda966fb236bd95c0c1dbc7e29cc.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/tpm.c b/tpm.c
index dbbafbf1..43e53c11 100644
--- a/tpm.c
+++ b/tpm.c
@@ -195,12 +195,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
 		CopyMem(event->Event, (VOID *)log, logsize);
 		if (hash) {
 			/* TPM 2 systems will generate the appropriate hash
-			   themselves if we pass PE_COFF_IMAGE
+			   themselves if we pass PE_COFF_IMAGE.  In case that
+			   fails we fall back to measuring without it.
 			*/
 			status = uefi_call_wrapper(tpm2->hash_log_extend_event,
 						   5, tpm2, PE_COFF_IMAGE, buf,
 						   (UINT64) size, event);
-		} else {
+		}
+
+	        if (!hash || EFI_ERROR(status)) {
 			status = uefi_call_wrapper(tpm2->hash_log_extend_event,
 						   5, tpm2, 0, buf,
 						   (UINT64) size, event);
author	Tamas K Lengyel <lengyelt@ainfosec.com>	2017-11-08 15:44:56 -0700
committer	Peter Jones <pjones@redhat.com>	2018-03-06 14:42:32 -0500
commit	571bfc95a662dda966fb236bd95c0c1dbc7e29cc (patch)
tree	d1b251ce6d00e7558a868a72b21b55029840c7ee /tpm.c
parent	ba06a4362d22b41887bb4121694e0562cefa5385 (diff)
download	efi-boot-shim-571bfc95a662dda966fb236bd95c0c1dbc7e29cc.tar.gz efi-boot-shim-571bfc95a662dda966fb236bd95c0c1dbc7e29cc.zip