019c0941b8
The value of tpm_handle changes between successive calls to grub_tpm_handle_find(), as instead of simply copying the stored pointer we end up taking the address of said pointer when using the cached value of grub_tpm_handle. This causes grub_efi_open_protocol() to return a nullptr in grub_tpm2_execute() and grub_tpm2_log_event(). Said nullptr goes unchecked and efi_call_5(tpm->hash_log_extend_event,...) ends up jumping to 0x0, Qemu crashes once video ROM is reached at 0xb0000. This patch seems to do the trick of fixing that bug, but we should also ensure that all calls to grub_efi_open_protocol() are checked so that we don't start executing low memory. Signed-off-by: Max Tottenham <mtottenh@akamai.com> Reviewed-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
||
|---|---|---|
| .. | ||
| efifwsetup.c | ||
| fixvideo.c | ||
| getenv.c | ||
| loadbios.c | ||
| lsefi.c | ||
| lsefimmap.c | ||
| lsefisystab.c | ||
| lssal.c | ||
| shim_lock.c | ||
| smbios.c | ||
| tpm.c | ||