Skip to content

Commit

Permalink
tpm: Don't return an error if event log is full
Browse files Browse the repository at this point in the history
Don't return an error if the firmware's event log is
full. The PCR should still be extended in this case
so there is no reason to make the system unbootable.
  • Loading branch information
kukrimate committed Apr 18, 2024
1 parent 3e1394e commit 2e13343
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions tpm.c
Original file line number Diff line number Diff line change
Expand Up @@ -201,11 +201,18 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
*/
efi_status = tpm2->hash_log_extend_event(tpm2,
PE_COFF_IMAGE, buf, (UINT64) size, event);
/* don't return an error if the firmware's event log is
* full. the PCR should still be extended in this case
* so there is no reason to make the system unbootable */
if (efi_status == EFI_VOLUME_FULL)
efi_status = EFI_SUCCESS;
}

if (!hash || EFI_ERROR(efi_status)) {
efi_status = tpm2->hash_log_extend_event(tpm2,
0, buf, (UINT64) size, event);
if (efi_status == EFI_VOLUME_FULL)
efi_status = EFI_SUCCESS;
}
FreePool(event);
return efi_status;
Expand Down Expand Up @@ -239,10 +246,14 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
CopyMem(event->digest, hash, sizeof(event->digest));
efi_status = tpm->log_extend_event(tpm, 0, 0,
TPM_ALG_SHA, event, &eventnum, &lastevent);
if (efi_status == EFI_VOLUME_FULL)
efi_status = EFI_SUCCESS;
} else {
efi_status = tpm->log_extend_event(tpm, buf,
(UINT64)size, TPM_ALG_SHA, event, &eventnum,
&lastevent);
if (efi_status == EFI_VOLUME_FULL)
efi_status = EFI_SUCCESS;
}
if (efi_status == EFI_UNSUPPORTED) {
perror(L"Could not write TPM event: %r. Considering "
Expand Down

0 comments on commit 2e13343

Please sign in to comment.