Fix an issue where time-based and count-based authenticated variables can be updated by each other without verification.

Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13848 6f19259b-4bc3-4df7-8a09-765794883524
gdong1 2012-10-15 06:08:22 +00:00
parent 389b5518bf
commit 89be2b037f
1 changed files with 16 additions and 0 deletions


@ -1137,6 +1137,22 @@ ProcessVariable (
return EFI_SECURITY_VIOLATION; return EFI_SECURITY_VIOLATION;
} }
//
// A time-based authenticated variable and a count-based authenticated variable
// can't be updated by each other.
//
if (Variable->CurrPtr != NULL) {
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) &&
((Variable->CurrPtr->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
return EFI_SECURITY_VIOLATION;
}
if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
((Variable->CurrPtr->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) {
return EFI_SECURITY_VIOLATION;
}
}
// //
// Process Time-based Authenticated variable. // Process Time-based Authenticated variable.
// //
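Review bot: The new guard in ProcessVariable rejects only a request whose authenticated-write bit is the opposite type from the one on `Variable->CurrPtr->Attributes`, so a request that carries neither `EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS` nor `EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS` against an existing authenticated variable passes this block unchanged. Whether that case is refused later depends on code below the hunk, which is not visible here, so it should be confirmed for both stored types, not just the count-based one. The same applies to a request with both bits set when `Variable->CurrPtr == NULL`. I would extend the comment to say where those cases are handled, for example `// Requests with no authenticated attribute, or with both, are rejected by <check to be named>.`, so the next reader does not assume this block is the complete type check. The function body starts and continues outside the hunk.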