From 213cc1000e6af3c90aefdef2f0f9d5aa99f758d1 Mon Sep 17 00:00:00 2001 From: Dong Guo Date: Wed, 10 Dec 2014 08:09:20 +0000 Subject: Add failed image Name in the Image Execution Information Table. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo Reviewed-by: Fu Siyuan Reviewed-by: Zhang Chao B git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16493 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'SecurityPkg') diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 0243eb8c06..443926b507 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -769,7 +769,7 @@ AddImageExeInfo ( } DevicePathSize = GetDevicePathSize (DevicePath); - NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize; + NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize; NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize); if (NewImageExeInfoTable == NULL) { return ; @@ -1475,6 +1475,7 @@ DxeImageVerificationHandler ( UINTN AuthDataSize; EFI_IMAGE_DATA_DIRECTORY *SecDataDir; UINT32 OffSet; + CHAR16 *NameStr; SignatureList = NULL; SignatureListSize = 0; @@ -1778,7 +1779,12 @@ Done: // // Policy decides to defer or reject the image; add its information in image executable information table. // - AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize); + NameStr = ConvertDevicePathToText (File, FALSE, TRUE); + AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); + if (NameStr != NULL) { + DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr)); + FreePool(NameStr); + } Status = EFI_SECURITY_VIOLATION; } -- cgit v1.2.3