efi_loader: efi_tcg2_register returns appropriate error This commit modify efi_tcg2_register() to return the appropriate error. With this fix, sandbox will not boot because efi_tcg2_register() fails due to some missing feature in GetCapabilities. So disable sandbox if EFI_TCG2_PROTOCOL is enabled. UEFI secure boot variable measurement is not directly related to TCG2 protocol installation, tcg2_measure_secure_boot_variable() is moved to the separate function. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

commit: 54bec17f6b0326bbc22f993d28170d4c4df4ceed [log] [tgz]
author: Masahisa Kojima <masahisa.kojima@linaro.org> Tue Dec 07 14:15:31 2021 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Thu Dec 09 11:43:25 2021 -0800
tree: 8abef9e20ff7c5496c62ee7f730590733b77c6e3
parent: 446266b024c971a6afa4eb256b2995a245d4eb49 [diff] [blame]
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 1aba71c..49172e3 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c

@@ -241,6 +241,10 @@
 		ret = efi_tcg2_register();
 		if (ret != EFI_SUCCESS)
 			goto out;
+
+		ret = efi_tcg2_do_initial_measurement();
+		if (ret == EFI_SECURITY_VIOLATION)
+			goto out;
 	}
 
 	/* Secure boot */
commit	54bec17f6b0326bbc22f993d28170d4c4df4ceed	[log] [tgz]
author	Masahisa Kojima <masahisa.kojima@linaro.org>	Tue Dec 07 14:15:31 2021 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Thu Dec 09 11:43:25 2021 -0800
tree	8abef9e20ff7c5496c62ee7f730590733b77c6e3
parent	446266b024c971a6afa4eb256b2995a245d4eb49 [diff] [blame]