1. Initialize certdb variable with correct value of list size.

2. Use gloable database array instead of calling AllocateZeroPool in SetVariable.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13671 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 11 insertions, 2 deletions

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
index e7a9a1f556..1f62383aed 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
@@ -36,15 +36,24 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 /// "AuthVarKeyDatabase" variable for the Public Key store.

 ///

 #define AUTHVAR_KEYDB_NAME      L"AuthVarKeyDatabase"

-#define AUTHVAR_KEYDB_NAME_SIZE 38

 

 ///

 /// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.

 ///

-#define MAX_KEYDB_SIZE  (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)

+#define MAX_KEYDB_SIZE  (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))

 #define MAX_KEY_NUM     (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)

 

 ///

+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX

+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.

+/// 

+///

+#define EFI_CERT_DB_NAME        L"certdb"

+#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))

+

+extern  EFI_GUID gEfiCertDbGuid;

+

+///

 /// Struct to record signature requirement defined by UEFI spec.

 /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.

 ///