diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index af242af142..3ac202a32b 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -595,15 +595,15 @@ IsCertHashFoundInDbx ( goto Done; } - if (!mHash[HashAlg].HashInit (HashCtx)) { + if (EFI_ERROR(mHash[HashAlg].HashInit (HashCtx))) { goto Done; } - if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) { + if (EFI_ERROR(mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize))) { goto Done; } - if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) { + if (EFI_ERROR(mHash[HashAlg].HashFinal (HashCtx, CertDigest))) { goto Done; } diff --git a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c index e9bee506c4..39f4e33216 100644 --- a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c +++ b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c @@ -45,10 +45,10 @@ Tpm2SetSha1ToDigestList ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha1HashInit ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { VOID *Sha1Ctx; @@ -56,13 +56,15 @@ Sha1HashInit ( CtxSize = Sha1GetContextSize (); Sha1Ctx = AllocatePool (CtxSize); - ASSERT (Sha1Ctx != NULL); + if (Sha1Ctx == NULL) { + return EFI_OUT_OF_RESOURCES; + } Sha1Init (Sha1Ctx); - *HashHandle = Sha1Ctx; + *HashHandle = (HASH_HANDLE)Sha1Ctx; - return TRUE; + return EFI_SUCCESS; } /** @@ -74,17 +76,17 @@ Sha1HashInit ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha1HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ) { - Sha1Update (HashHandle, DataToHash, DataToHashLen); + Sha1Update ((VOID *)HashHandle, DataToHash, DataToHashLen); - return TRUE; + return EFI_SUCCESS; } /** @@ -95,28 +97,28 @@ Sha1HashUpdate ( @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha1HashFinal ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ) { UINT8 Digest[SHA1_DIGEST_SIZE]; - Sha1Final (HashHandle, Digest); + Sha1Final ((VOID *)HashHandle, Digest); - FreePool (HashHandle); + FreePool ((VOID *)HashHandle); Tpm2SetSha1ToDigestList (DigestList, Digest); - return TRUE; + return EFI_SUCCESS; } HASH_INTERFACE mSha1InternalHashInstance = { HASH_ALGORITHM_SHA1_GUID, Sha1HashInit, - Sha1Update, + Sha1HashUpdate, Sha1HashFinal, }; diff --git a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c index d02d325cec..57c8c9590a 100644 --- a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c +++ b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c @@ -45,10 +45,10 @@ Tpm2SetSha256ToDigestList ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha256HashInit ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { VOID *Sha256Ctx; @@ -56,13 +56,15 @@ Sha256HashInit ( CtxSize = Sha256GetContextSize (); Sha256Ctx = AllocatePool (CtxSize); - ASSERT (Sha256Ctx != NULL); + if (Sha256Ctx == NULL) { + return EFI_OUT_OF_RESOURCES; + } Sha256Init (Sha256Ctx); - *HashHandle = Sha256Ctx; + *HashHandle = (HASH_HANDLE)Sha256Ctx; - return TRUE; + return EFI_SUCCESS; } /** @@ -74,17 +76,17 @@ Sha256HashInit ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha256HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ) { - Sha256Update (HashHandle, DataToHash, DataToHashLen); + Sha256Update ((VOID *)HashHandle, DataToHash, DataToHashLen); - return TRUE; + return EFI_SUCCESS; } /** @@ -95,22 +97,22 @@ Sha256HashUpdate ( @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha256HashFinal ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ) { UINT8 Digest[SHA256_DIGEST_SIZE]; - Sha256Final (HashHandle, Digest); + Sha256Final ((VOID *)HashHandle, Digest); - FreePool (HashHandle); + FreePool ((VOID *)HashHandle); Tpm2SetSha256ToDigestList (DigestList, Digest); - return TRUE; + return EFI_SUCCESS; } HASH_INTERFACE mSha256InternalHashInstance = { diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c index 1f21483e16..4997874eb0 100644 --- a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c @@ -56,7 +56,9 @@ Sha384HashInit ( CtxSize = Sha384GetContextSize (); Sha384Ctx = AllocatePool (CtxSize); - ASSERT (Sha384Ctx != NULL); + if (Sha384Ctx == NULL) { + return EFI_OUT_OF_RESOURCES; + } Sha384Init (Sha384Ctx); @@ -106,12 +108,10 @@ Sha384HashFinal ( ) { UINT8 Digest[SHA384_DIGEST_SIZE]; - VOID *Sha384Ctx; - Sha384Ctx = (VOID *)HashHandle; - Sha384Final (Sha384Ctx, Digest); + Sha384Final ((VOID *)HashHandle, Digest); - FreePool (Sha384Ctx); + FreePool ((VOID *)HashHandle); Tpm2SetSha384ToDigestList (DigestList, Digest); diff --git a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c index 7b47d7d9f7..22f0100c19 100644 --- a/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c +++ b/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c @@ -44,10 +44,10 @@ Tpm2SetSha512ToDigestList ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha512HashInit ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { VOID *Sha512Ctx; @@ -55,13 +55,15 @@ Sha512HashInit ( CtxSize = Sha512GetContextSize (); Sha512Ctx = AllocatePool (CtxSize); - ASSERT (Sha512Ctx != NULL); + if (Sha512Ctx == NULL) { + return EFI_OUT_OF_RESOURCES; + } Sha512Init (Sha512Ctx); - *HashHandle = Sha512Ctx; + *HashHandle = (HASH_HANDLE)Sha512Ctx; - return TRUE; + return EFI_SUCCESS; } /** @@ -73,17 +75,17 @@ Sha512HashInit ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha512HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - Sha512Update (HashHandle, DataToHash, DataToHashLen); + Sha512Update ((VOID *)HashHandle, DataToHash, DataToHashLen); - return TRUE; + return EFI_SUCCESS; } /** @@ -94,24 +96,22 @@ Sha512HashUpdate ( @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha512HashFinal ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ) { UINT8 Digest[SHA512_DIGEST_SIZE]; - VOID *Sha512Ctx; - Sha512Ctx = (VOID *)HashHandle; - Sha512Final (Sha512Ctx, Digest); + Sha512Final ((VOID *)HashHandle, Digest); - FreePool (Sha512Ctx); + FreePool ((VOID *)HashHandle); Tpm2SetSha512ToDigestList (DigestList, Digest); - return TRUE; + return EFI_SUCCESS; } HASH_INTERFACE mSha512InternalHashInstance = { diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c index bdb8575826..794a2f6f89 100644 --- a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c +++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c @@ -44,10 +44,10 @@ Tpm2SetSm3ToDigestList ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI Sm3HashInit ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { VOID *Sm3Ctx; @@ -56,14 +56,14 @@ Sm3HashInit ( CtxSize = Sm3GetContextSize (); Sm3Ctx = AllocatePool (CtxSize); if (Sm3Ctx == NULL) { - return FALSE; + return EFI_OUT_OF_RESOURCES; } Sm3Init (Sm3Ctx); - *HashHandle = Sm3Ctx; + *HashHandle = (HASH_HANDLE)Sm3Ctx; - return TRUE; + return EFI_SUCCESS; } /** @@ -75,17 +75,17 @@ Sm3HashInit ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI Sm3HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, - IN UINTN DataToHashLen + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen ) { - Sm3Update (HashHandle, DataToHash, DataToHashLen); + Sm3Update ((VOID *)HashHandle, DataToHash, DataToHashLen); - return TRUE; + return EFI_SUCCESS; } /** @@ -96,22 +96,22 @@ Sm3HashUpdate ( @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. **/ -BOOLEAN +EFI_STATUS EFIAPI Sm3HashFinal ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ) { UINT8 Digest[SM3_256_DIGEST_SIZE]; - Sm3Final (HashHandle, Digest); + Sm3Final ((VOID *)HashHandle, Digest); - FreePool (HashHandle); + FreePool ((VOID *)HashHandle); Tpm2SetSm3ToDigestList (DigestList, Digest); - return TRUE; + return EFI_SUCCESS; } HASH_INTERFACE mSm3InternalHashInstance = { diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index 5d1312c32c..44a601cd39 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c @@ -59,13 +59,13 @@ CheckSupportedHashMaskMismatch ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI HashStart ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { - VOID **HashCtx; + HASH_HANDLE *HashCtx; UINTN Index; UINT32 HashMask; @@ -76,7 +76,9 @@ HashStart ( CheckSupportedHashMaskMismatch (); HashCtx = AllocatePool (sizeof (*HashCtx) * mHashInterfaceCount); - ASSERT (HashCtx != NULL); + if (HashCtx == NULL) { + return EFI_OUT_OF_RESOURCES; + } for (Index = 0; Index < mHashInterfaceCount; Index++) { HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); @@ -85,9 +87,9 @@ HashStart ( } } - *HashHandle = HashCtx; + *HashHandle = (HASH_HANDLE)HashCtx; - return TRUE; + return EFI_SUCCESS; } /** @@ -99,15 +101,15 @@ HashStart ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ) { - VOID **HashCtx; + HASH_HANDLE *HashCtx; UINTN Index; UINT32 HashMask; @@ -117,7 +119,7 @@ HashUpdate ( CheckSupportedHashMaskMismatch (); - HashCtx = (VOID **)HashHandle; + HashCtx = (HASH_HANDLE *)HashHandle; for (Index = 0; Index < mHashInterfaceCount; Index++) { HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); @@ -126,7 +128,7 @@ HashUpdate ( } } - return TRUE; + return EFI_SUCCESS; } /** @@ -186,7 +188,7 @@ Tpm2ExtendNvIndex ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, IN TPMI_DH_PCR PcrIndex, IN VOID *DataToHash, IN UINTN DataToHashLen, @@ -194,7 +196,7 @@ HashCompleteAndExtend ( ) { TPML_DIGEST_VALUES Digest; - VOID **HashCtx; + HASH_HANDLE *HashCtx; UINTN Index; EFI_STATUS Status; UINT32 HashMask; @@ -210,7 +212,7 @@ HashCompleteAndExtend ( CheckSupportedHashMaskMismatch (); - HashCtx = (VOID **)HashHandle; + HashCtx = (HASH_HANDLE *)HashHandle; ZeroMem (DigestList, sizeof (*DigestList)); for (Index = 0; Index < mHashInterfaceCount; Index++) { @@ -269,7 +271,7 @@ HashAndExtend ( OUT TPML_DIGEST_VALUES *DigestList ) { - VOID *HashHandle; + HASH_HANDLE HashHandle; EFI_STATUS Status; if (mHashInterfaceCount == 0) { diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootUefiImage.c b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootUefiImage.c index 1e31b7e4ed..338e603c33 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootUefiImage.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootUefiImage.c @@ -23,6 +23,21 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +STATIC +EFI_STATUS +EFIAPI +UifiImageHashUpdate ( + IN UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext, + IN HASH_HANDLE HashHandle + ) +{ + return UefiImageHashImageDefault ( + ImageContext, + (VOID *)HashHandle, + (UEFI_IMAGE_LOADER_HASH_UPDATE)HashUpdate + ) ? EFI_SUCCESS : EFI_ABORTED; +} + /** Measure UEFI image into TPM log based on its default image hashing. @@ -49,11 +64,11 @@ MeasureUefiImageAndExtend ( OUT TPML_DIGEST_VALUES *DigestList ) { - EFI_STATUS Status; - VOID *HashHandle; - UEFI_IMAGE_LOADER_IMAGE_CONTEXT ImageContext; + EFI_STATUS Status; + HASH_HANDLE HashHandle; + UEFI_IMAGE_LOADER_IMAGE_CONTEXT ImageContext; - Status = EFI_UNSUPPORTED; + Status = EFI_UNSUPPORTED; // FIXME: Can this somehow be abstracted away? // @@ -63,7 +78,8 @@ MeasureUefiImageAndExtend ( &ImageContext, (VOID *) (UINTN) ImageAddress, (UINT32) ImageSize, - UEFI_IMAGE_SOURCE_ALL + UEFI_IMAGE_SOURCE_ALL, + UefiImageOriginFv ); if (EFI_ERROR (Status)) { // @@ -85,7 +101,7 @@ MeasureUefiImageAndExtend ( } // FIXME: This is just an ugly wrapper, the types should match (UINTN <-> VOID *), fix the libs - UefiImageHashImageDefault (&ImageContext, HashHandle, HashUpdate); + Status = UifiImageHashUpdate (&ImageContext, HashHandle); if (EFI_ERROR (Status)) { return Status; } diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 5c678b1db8..629f59c9d3 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -1983,7 +1983,8 @@ EnrollImageSignatureToSigDB ( &ImageContext, ImageBase, (UINT32)ImageSize, - UEFI_IMAGE_SOURCE_NON_FV + UEFI_IMAGE_SOURCE_NON_FV, + UefiImageOriginOptionROM ); if (EFI_ERROR (Status)) { goto ON_EXIT;