efi_loader: efi_tcg2_register returns appropriate error

This commit modify efi_tcg2_register() to return the appropriate error. With this fix, sandbox will not boot because efi_tcg2_register() fails due to some missing feature in GetCapabilities. So disable sandbox if EFI_TCG2_PROTOCOL is enabled. UEFI secure boot variable measurement is not directly related to TCG2 protocol installation, tcg2_measure_secure_boot_variable() is moved to the separate function. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
author: Masahisa Kojima <masahisa.kojima@linaro.org> 2021-12-07 14:15:31 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2021-12-09 11:43:25 -0800
commit: 54bec17f6b0326bbc22f993d28170d4c4df4ceed (patch)
tree: 8abef9e20ff7c5496c62ee7f730590733b77c6e3 /lib/efi_loader/efi_setup.c
parent: 446266b024c971a6afa4eb256b2995a245d4eb49 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
index 1aba71cd962..49172e35798 100644
--- a/lib/efi_loader/efi_setup.c
+++ b/lib/efi_loader/efi_setup.c
@@ -241,6 +241,10 @@ efi_status_t efi_init_obj_list(void)
 		ret = efi_tcg2_register();
 		if (ret != EFI_SUCCESS)
 			goto out;
+
+		ret = efi_tcg2_do_initial_measurement();
+		if (ret == EFI_SECURITY_VIOLATION)
+			goto out;
 	}
 
 	/* Secure boot */
author	Masahisa Kojima <masahisa.kojima@linaro.org>	2021-12-07 14:15:31 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	2021-12-09 11:43:25 -0800
commit	54bec17f6b0326bbc22f993d28170d4c4df4ceed (patch)
tree	8abef9e20ff7c5496c62ee7f730590733b77c6e3 /lib/efi_loader/efi_setup.c
parent	446266b024c971a6afa4eb256b2995a245d4eb49 (diff)