From 96b90e150c2f107c64a827e82451b642a42df686 Mon Sep 17 00:00:00 2001
From: Matthew Carlson <macarl@microsoft.com>
Date: Fri, 19 Jun 2020 20:49:33 +0000
Subject: SecurityPkg: Measure Invoke EBS even in failure case

This patch measures the ExitBootServices invocation to the
TPM even in the case of ExitBootServices failing, per TCG
PC Client Platform Firmware Profile Version 1.06 Revision
52 Family 2.0 section 8.2.4(i).

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'SecurityPkg')

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index b55b6c12d2..4d0c241f4d 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2615,6 +2615,17 @@ OnExitBootServicesFailed (
 {
   EFI_STATUS  Status;
 
+  //
+  // Measure invocation of ExitBootServices,
+  //
+  Status = TcgMeasureAction (
+             5,
+             EFI_EXIT_BOOT_SERVICES_INVOCATION
+             );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION));
+  }
+
   //
   // Measure Failure of ExitBootServices,
   //
-- 
cgit