Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: dafce295e6f447ed8905db4e29241e2c6c2a4389
https://github.com/tianocore/edk2/commit/dafce295e6f447ed8905db4e29241e2c6c2a4389
Author: Laszlo Ersek <[email protected]>
Date: 2020-06-09 (Tue, 09 Jun 2020)
Changed paths:
M OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
Log Message:
-----------
OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage()
When an image fails Secure Boot validation, LoadImage() returns
EFI_SECURITY_VIOLATION if the platform policy is
DEFER_EXECUTE_ON_SECURITY_VIOLATION.
If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then
LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain
loaded).
(Before <https://bugzilla.tianocore.org/show_bug.cgi?id=2129>, this
difference would be masked, as DxeImageVerificationLib would incorrectly
return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as
well.)
In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon
seeing EFI_ACCESS_DENIED too.
Cc: Ard Biesheuvel <[email protected]>
Cc: Jordan Justen <[email protected]>
Cc: Philippe Mathieu-Daudé <[email protected]>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785
Signed-off-by: Laszlo Ersek <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Ard Biesheuvel <[email protected]>
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
