Hi Heinrich

On Sun, 30 Jul 2023 at 12:25, Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:

If the hard coded array hash_algo_list[] contains an entry for an unsupported algorithm, we should not leak resources new_efi and regs.

We should still extend the log with the digests for the supported algorithms.

We shouldn't really add events in the log that are not extended in the TPM. There's a check on top of the loop checking for active algorithms (the ones that are supported and active on the hardware), isnt that enough?

Thanks /Ilias

Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement") Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com

---

lib/efi_loader/efi_tcg2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 49f8a5e77c..18abe91bce 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -931,7 +931,7 @@ static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, break; default: EFI_PRINT("Unsupported algorithm %x\n", hash_alg);

•                   return EFI_INVALID_PARAMETER;
  

•                   continue;
            }
            digest_list->digests[digest_list->count].hash_alg = hash_alg;
            memcpy(&digest_list->digests[digest_list->count].digest, hash,
  

-- 2.40.1