From 3bbf2899d0ba2940309e0c8432dec87bbd62b261 Mon Sep 17 00:00:00 2001 From: Matthew Carlson Date: Fri, 19 Jun 2020 20:49:33 +0000 Subject: [PATCH] SecurityPkg: Measure Invoke EBS even in failure case This patch measures the ExitBootServices invocation to the TPM even in the case of ExitBootServices failing, so that we can keep a record of the failures and know what is expected. --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index b55b6c12d2..d736a4c453 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -2615,6 +2615,20 @@ OnExitBootServicesFailed ( { EFI_STATUS Status; + // MU_CHANGE START: TCBZ2753 + // + // Measure invocation of ExitBootServices, + // + Status = TcgMeasureAction ( + 5, + EFI_EXIT_BOOT_SERVICES_INVOCATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION)); + } + + // MU_CHANGE END TCBZ2753 + // // Measure Failure of ExitBootServices, //