diff options
author | Laszlo Ersek <lersek@redhat.com> | 2020-01-16 11:37:04 +0100 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-01-31 09:35:31 +0000 |
commit | 1e0f973b65c34841288c25fd441a37eec8a30ac7 (patch) | |
tree | 7b321c2a4e1bc1820f541b50801bcc64e0dc8255 /SecurityPkg/Library | |
parent | 83357313dd6750e5c3c4e290676acee9d391d9e3 (diff) | |
download | edk2-1e0f973b65c34841288c25fd441a37eec8a30ac7.zip edk2-1e0f973b65c34841288c25fd441a37eec8a30ac7.tar.gz edk2-1e0f973b65c34841288c25fd441a37eec8a30ac7.tar.bz2 |
SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
In the DxeImageVerificationHandler() function, the "VerifyStatus" variable
can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED.
Furthermore, the variable is only consumed with EFI_ERROR().
Therefore, using the EFI_STATUS type for the variable is unnecessary.
Worse, given the complex meanings of the function's return values, using
EFI_STATUS for "VerifyStatus" is actively confusing.
Rename the variable to "IsVerified", and make it a simple BOOLEAN.
This patch is a no-op, regarding behavior.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-2-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
Diffstat (limited to 'SecurityPkg/Library')
-rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index a0a12b5..5afd723 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1563,7 +1563,7 @@ DxeImageVerificationHandler ( {
EFI_STATUS Status;
EFI_IMAGE_DOS_HEADER *DosHdr;
- EFI_STATUS VerifyStatus;
+ BOOLEAN IsVerified;
EFI_SIGNATURE_LIST *SignatureList;
UINTN SignatureListSize;
EFI_SIGNATURE_DATA *Signature;
@@ -1588,7 +1588,7 @@ DxeImageVerificationHandler ( PkcsCertData = NULL;
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
Status = EFI_ACCESS_DENIED;
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
//
@@ -1812,16 +1812,16 @@ DxeImageVerificationHandler ( //
if (IsForbiddenByDbx (AuthData, AuthDataSize)) {
Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
break;
}
//
// Check the digital signature against the valid certificate in allowed database (db).
//
- if (EFI_ERROR (VerifyStatus)) {
+ if (!IsVerified) {
if (IsAllowedByDb (AuthData, AuthDataSize)) {
- VerifyStatus = EFI_SUCCESS;
+ IsVerified = TRUE;
}
}
@@ -1831,11 +1831,11 @@ DxeImageVerificationHandler ( if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
break;
- } else if (EFI_ERROR (VerifyStatus)) {
+ } else if (!IsVerified) {
if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
- VerifyStatus = EFI_SUCCESS;
+ IsVerified = TRUE;
} else {
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr));
}
@@ -1846,10 +1846,10 @@ DxeImageVerificationHandler ( //
// The Size in Certificate Table or the attribute certificate table is corrupted.
//
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
}
- if (!EFI_ERROR (VerifyStatus)) {
+ if (IsVerified) {
return EFI_SUCCESS;
} else {
Status = EFI_ACCESS_DENIED;
|