mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-27 07:34:06 +02:00
1. Initialize certdb variable with correct value of list size.
2. Use gloable database array instead of calling AllocateZeroPool in SetVariable. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13671 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
parent
efad60c584
commit
f6e233534e
@ -51,15 +51,6 @@ extern EFI_GUID gEfiCustomModeEnableGuid;
|
|||||||
#define CUSTOM_SECURE_BOOT_MODE 1
|
#define CUSTOM_SECURE_BOOT_MODE 1
|
||||||
#define STANDARD_SECURE_BOOT_MODE 0
|
#define STANDARD_SECURE_BOOT_MODE 0
|
||||||
|
|
||||||
///
|
|
||||||
/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
|
|
||||||
/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
|
||||||
///
|
|
||||||
///
|
|
||||||
#define EFI_CERT_DB_NAME L"certdb"
|
|
||||||
|
|
||||||
extern EFI_GUID gEfiCertDbGuid;
|
|
||||||
|
|
||||||
///
|
///
|
||||||
/// Alignment of variable name and data, according to the architecture:
|
/// Alignment of variable name and data, according to the architecture:
|
||||||
/// * For IA-32 and Intel(R) 64 architectures: 1.
|
/// * For IA-32 and Intel(R) 64 architectures: 1.
|
||||||
|
|||||||
@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||||||
///
|
///
|
||||||
UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
|
UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
|
||||||
UINT32 mPubKeyNumber;
|
UINT32 mPubKeyNumber;
|
||||||
|
UINT8 mCertDbStore[MAX_CERTDB_SIZE];
|
||||||
UINT32 mPlatformMode;
|
UINT32 mPlatformMode;
|
||||||
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
|
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
|
||||||
//
|
//
|
||||||
@ -398,7 +399,7 @@ AutenticatedVariableServiceInitialize (
|
|||||||
|
|
||||||
if (Variable.CurrPtr == NULL) {
|
if (Variable.CurrPtr == NULL) {
|
||||||
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
|
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
|
||||||
ListSize = 0;
|
ListSize = sizeof (UINT32);
|
||||||
Status = UpdateVariable (
|
Status = UpdateVariable (
|
||||||
EFI_CERT_DB_NAME,
|
EFI_CERT_DB_NAME,
|
||||||
&gEfiCertDbGuid,
|
&gEfiCertDbGuid,
|
||||||
@ -410,7 +411,9 @@ AutenticatedVariableServiceInitialize (
|
|||||||
&Variable,
|
&Variable,
|
||||||
NULL
|
NULL
|
||||||
);
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
@ -1664,10 +1667,7 @@ DeleteCertsFromDb (
|
|||||||
// Construct new data content of variable "certdb".
|
// Construct new data content of variable "certdb".
|
||||||
//
|
//
|
||||||
NewCertDbSize = (UINT32) DataSize - CertNodeSize;
|
NewCertDbSize = (UINT32) DataSize - CertNodeSize;
|
||||||
NewCertDb = AllocateZeroPool (NewCertDbSize);
|
NewCertDb = (UINT8*) mCertDbStore;
|
||||||
if (NewCertDb == NULL) {
|
|
||||||
return EFI_OUT_OF_RESOURCES;
|
|
||||||
}
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// Copy the DB entries before deleting node.
|
// Copy the DB entries before deleting node.
|
||||||
@ -1704,7 +1704,6 @@ DeleteCertsFromDb (
|
|||||||
NULL
|
NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
FreePool (NewCertDb);
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1794,10 +1793,10 @@ InsertCertsToDb (
|
|||||||
NameSize = (UINT32) StrLen (VariableName);
|
NameSize = (UINT32) StrLen (VariableName);
|
||||||
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
|
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
|
||||||
NewCertDbSize = (UINT32) DataSize + CertNodeSize;
|
NewCertDbSize = (UINT32) DataSize + CertNodeSize;
|
||||||
NewCertDb = AllocateZeroPool (NewCertDbSize);
|
if (NewCertDbSize > MAX_CERTDB_SIZE) {
|
||||||
if (NewCertDb == NULL) {
|
|
||||||
return EFI_OUT_OF_RESOURCES;
|
return EFI_OUT_OF_RESOURCES;
|
||||||
}
|
}
|
||||||
|
NewCertDb = (UINT8*) mCertDbStore;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Copy the DB entries before deleting node.
|
// Copy the DB entries before deleting node.
|
||||||
@ -1844,7 +1843,6 @@ InsertCertsToDb (
|
|||||||
NULL
|
NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
FreePool (NewCertDb);
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -36,14 +36,23 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||||||
/// "AuthVarKeyDatabase" variable for the Public Key store.
|
/// "AuthVarKeyDatabase" variable for the Public Key store.
|
||||||
///
|
///
|
||||||
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
|
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
|
||||||
#define AUTHVAR_KEYDB_NAME_SIZE 38
|
|
||||||
|
|
||||||
///
|
///
|
||||||
/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
|
/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
|
||||||
///
|
///
|
||||||
#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
|
#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))
|
||||||
#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
|
#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
|
||||||
|
|
||||||
|
///
|
||||||
|
/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
|
||||||
|
/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
||||||
|
///
|
||||||
|
///
|
||||||
|
#define EFI_CERT_DB_NAME L"certdb"
|
||||||
|
#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))
|
||||||
|
|
||||||
|
extern EFI_GUID gEfiCertDbGuid;
|
||||||
|
|
||||||
///
|
///
|
||||||
/// Struct to record signature requirement defined by UEFI spec.
|
/// Struct to record signature requirement defined by UEFI spec.
|
||||||
/// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
|
/// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user