Commit 49412761 authored by Gerd Hoffmann, committed by mergify[bot]

SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2

Call gRT->GetVariable() directly to read the SecureBoot variable.  It is
one byte in size so we can easily place it on the stack instead of
having GetEfiGlobalVariable2() allocate it for us, which avoids a few
possible error cases.

Skip secure boot checks if (and only if):

 (a) the SecureBoot variable is not present (EFI_NOT_FOUND) according to
     the return value, or
 (b) the SecureBoot variable was read successfully and is set to
     SECURE_BOOT_MODE_DISABLE.

Previously the code skipped the secure boot checks on *any*
gRT->GetVariable() error (GetEfiGlobalVariable2 sets the variable
value to NULL in that case) and also on memory allocation failures.

Fixes: CVE-2019-14560
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Suggested-by: Marvin Häuser <mhaeuser@posteo.de>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
parent b7a8264a
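The commit message describes a fail-open bug and its fail-closed replacement without showing either. The following is an added example, not code from EDK2 or from this commit: it models both decision procedures against a simulated gRT->GetVariable() so the difference in behaviour on error paths is visible. FakeVarStore, FakeGetVariable, SkipChecks_Old, SkipChecks_New and the hand-defined EFI_STATUS constants are stand-ins for this illustration only (the status values follow the UEFI high-bit error encoding but are not taken from the real headers); the old path's AllocFails flag models the GetEfiGlobalVariable2() allocation failure the message mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for the UEFI types used here (not the real EDK2 headers). */
typedef uint64_t EFI_STATUS;
#define EFI_ERROR_BIT          ((EFI_STATUS)1 << 63)
#define EFI_SUCCESS            ((EFI_STATUS)0)
#define EFI_BUFFER_TOO_SMALL   (EFI_ERROR_BIT | 5)
#define EFI_DEVICE_ERROR       (EFI_ERROR_BIT | 7)
#define EFI_OUT_OF_RESOURCES   (EFI_ERROR_BIT | 9)
#define EFI_NOT_FOUND          (EFI_ERROR_BIT | 14)
#define EFI_ERROR(s)           (((EFI_STATUS)(s)) & EFI_ERROR_BIT)

#define SECURE_BOOT_MODE_ENABLE  1
#define SECURE_BOOT_MODE_DISABLE 0

/* Constructed stand-in for the variable store behind gRT->GetVariable():
 * the status it will report and, on success, the one-byte SecureBoot value. */
typedef struct {
  EFI_STATUS Status;
  uint8_t    SecureBoot;
} FakeVarStore;

/* Simulated gRT->GetVariable() for the SecureBoot variable (hypothetical). */
static EFI_STATUS FakeGetVariable(const FakeVarStore *Store, size_t *Size, void *Data) {
  if (EFI_ERROR(Store->Status)) return Store->Status;
  if (*Size < 1) { *Size = 1; return EFI_BUFFER_TOO_SMALL; }
  *Size = 1;
  memcpy(Data, &Store->SecureBoot, 1);
  return EFI_SUCCESS;
}

/* Pre-fix behaviour as the commit message describes it: the helper yields a
 * NULL value on any GetVariable error or on allocation failure, and a NULL
 * value was treated like "variable absent", so verification was skipped.
 * Returns true when image verification would be skipped. */
static bool SkipChecks_Old(const FakeVarStore *Store, bool AllocFails) {
  uint8_t  Buf   = 0;
  uint8_t *Value = NULL;
  size_t   Size  = 1;
  if (!AllocFails && FakeGetVariable(Store, &Size, &Buf) == EFI_SUCCESS) {
    Value = &Buf;                                    /* only a successful read yields a value */
  }
  if (Value == NULL) return true;                    /* any failure at all: fail open */
  return *Value == SECURE_BOOT_MODE_DISABLE;
}

/* Fixed behaviour: skip if and only if (a) EFI_NOT_FOUND, or (b) the read
 * succeeded and the byte is SECURE_BOOT_MODE_DISABLE. Any other error keeps
 * verification on (fail closed). The buffer lives on the stack, so there is
 * no allocation that could fail. */
static bool SkipChecks_New(const FakeVarStore *Store) {
  uint8_t    SecureBoot = SECURE_BOOT_MODE_ENABLE;
  size_t     Size       = sizeof(SecureBoot);
  EFI_STATUS Status     = FakeGetVariable(Store, &Size, &SecureBoot);
  if (Status == EFI_NOT_FOUND) return true;          /* (a) variable absent */
  if (EFI_ERROR(Status))       return false;         /* fail closed on everything else */
  return SecureBoot == SECURE_BOOT_MODE_DISABLE;     /* (b) explicitly disabled */
}

int main(void) {
  const FakeVarStore cases[] = {
    { EFI_NOT_FOUND,        0 },
    { EFI_DEVICE_ERROR,     0 },
    { EFI_BUFFER_TOO_SMALL, 0 },
    { EFI_SUCCESS,          SECURE_BOOT_MODE_DISABLE },
    { EFI_SUCCESS,          SECURE_BOOT_MODE_ENABLE },
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    printf("status=0x%llx value=%u old_skip=%d new_skip=%d\n",
           (unsigned long long)cases[i].Status, cases[i].SecureBoot,
           SkipChecks_Old(&cases[i], false), SkipChecks_New(&cases[i]));
  }
  printf("alloc failure: old_skip=%d\n", SkipChecks_Old(&cases[4], true));
  return 0;
}
```

The table the program prints makes the security point concrete: with Secure Boot enabled in the store, a transient EFI_DEVICE_ERROR, an EFI_BUFFER_TOO_SMALL, or a heap exhaustion was enough for the old path to skip image verification entirely, while the new path only disables checks when the platform explicitly says the variable is absent or set to disabled.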