mirror of https://github.com/acidanthera/audk.git
1. Fix a bug when verifying the CertType GUID in the authentication variable data payload.
Signed-off-by: sfu5 Reviewed-by: tye1 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12831 6f19259b-4bc3-4df7-8a09-765794883524
parent
da38df1d09
commit
855609196d
|
@ -139,7 +139,7 @@ typedef struct {
|
||||||
///
|
///
|
||||||
/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
|
/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
|
||||||
/// WIN_CERTIFICATE_UEFI_GUID and the CertType
|
/// WIN_CERTIFICATE_UEFI_GUID and the CertType
|
||||||
/// EFI_CERT_TYPE_RSA2048_SHA256. If the attribute specifies
|
/// EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies
|
||||||
/// authenticated access, then the Data buffer should begin with an
|
/// authenticated access, then the Data buffer should begin with an
|
||||||
/// authentication descriptor prior to the data payload and DataSize
|
/// authentication descriptor prior to the data payload and DataSize
|
||||||
/// should reflect the the data.and descriptor size. The caller
|
/// should reflect the the data.and descriptor size. The caller
|
||||||
|
|
|
@ -416,7 +416,7 @@ AddPubKeyInStore (
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256 type.
|
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.
|
||||||
Follow the steps in UEFI2.2.
|
Follow the steps in UEFI2.2.
|
||||||
|
|
||||||
@param[in] Data Pointer to data with AuthInfo.
|
@param[in] Data Pointer to data with AuthInfo.
|
||||||
|
@ -454,10 +454,10 @@ VerifyCounterBasedPayload (
|
||||||
|
|
||||||
//
|
//
|
||||||
// wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
|
// wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
|
||||||
// Cert type should be EFI_CERT_TYPE_RSA2048_SHA256.
|
// Cert type should be EFI_CERT_TYPE_RSA2048_SHA256_GUID.
|
||||||
//
|
//
|
||||||
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
|
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
|
||||||
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertRsa2048Sha256Guid)
|
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha256Guid)
|
||||||
) {
|
) {
|
||||||
//
|
//
|
||||||
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
|
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
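Review bot: The comment above the `if` names the expected CertType but does not say why the previous GUID was wrong, and the two identifiers differ by a single word, so the mix-up is easy to reintroduce. Consider extending it with `// This is the WIN_CERTIFICATE_UEFI_GUID CertType GUID, not the signature-type GUID gEfiCertRsa2048Sha256Guid.` Separately, the condition reads `CertData->AuthInfo.Hdr.wCertificateType` and `CertData->AuthInfo.CertType` with no length check visible in this hunk. VerifyCounterBasedPayload starts and ends outside the hunk, so if the data size is not already compared with the authentication descriptor size before this point, that guard should come ahead of the type check. `Hdr.dwLength` is likewise not validated in the visible lines.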
|
||||||
|
|
|
@ -67,7 +67,7 @@
|
||||||
gEfiAuthenticatedVariableGuid ## PRODUCES ## Configuration Table Guid
|
gEfiAuthenticatedVariableGuid ## PRODUCES ## Configuration Table Guid
|
||||||
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
|
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
|
||||||
gEfiEventVirtualAddressChangeGuid ## PRODUCES ## Event
|
gEfiEventVirtualAddressChangeGuid ## PRODUCES ## Event
|
||||||
gEfiCertRsa2048Sha256Guid
|
gEfiCertTypeRsa2048Sha256Guid
|
||||||
gEfiImageSecurityDatabaseGuid
|
gEfiImageSecurityDatabaseGuid
|
||||||
gEfiCertX509Guid
|
gEfiCertX509Guid
|
||||||
gEfiCertPkcs7Guid
|
gEfiCertPkcs7Guid
|
||||||
|
|
|
@ -72,7 +72,7 @@
|
||||||
gEfiAuthenticatedVariableGuid ## PRODUCES ## Configuration Table Guid
|
gEfiAuthenticatedVariableGuid ## PRODUCES ## Configuration Table Guid
|
||||||
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
|
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
|
||||||
gSmmVariableWriteGuid ## PRODUCES ## SMM Variable Write Guid
|
gSmmVariableWriteGuid ## PRODUCES ## SMM Variable Write Guid
|
||||||
gEfiCertRsa2048Sha256Guid
|
gEfiCertTypeRsa2048Sha256Guid
|
||||||
gEfiImageSecurityDatabaseGuid
|
gEfiImageSecurityDatabaseGuid
|
||||||
gEfiCertX509Guid
|
gEfiCertX509Guid
|
||||||
gEfiCertPkcs7Guid
|
gEfiCertPkcs7Guid
|
||||||
|
|