From 2b5bbaf41e1e56bffad76f37bbcc3158b17c2cc1 Mon Sep 17 00:00:00 2001
From: Wenxing Hou <wenxing.hou@intel.com>
Date: Thu, 17 Aug 2023 09:41:46 +0800
Subject: [PATCH] Measurement should not be executed when challenge failed

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
---
 SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
index db500d788fd..6f89d6e0645 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmSecurityLib.c
@@ -49,7 +49,8 @@ SpdmDeviceAuthenticationAndMeasurement (
       DEBUG ((DEBUG_ERROR, "DoDeviceAuthentication failed - %r\n", Status));
       goto Ret;
     } else {
-      if (AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG) {
+      if ((AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG) ||
+          (AuthState == TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID)) {
         goto Ret;
       } else {
         IsAuthenticated = TRUE;