1. Correct the counter-based hash algorithm according to UEFI spec.

2. Check the reserverd bit in variable attribute.
3. Return EFI_OUT_OF_RESOURCE instead of EFI_SECURITY_VIOLATION if there is not enough speace to store the public key.
4. Fix a bug when deleting a non-existent time-based auth variable, we store the certificate into cert DB incorrectly.
5. Fix a bug that time-based auth variable can't been updated again after append operation.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13957 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 7 insertions, 0 deletions

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 07fe99bee7..e683783fa5 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2281,6 +2281,13 @@ VariableServiceSetVariable (
   }

 

   //

+  // Check for reserverd bit in variable attribute.

+  //

+  if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  //

   //  Make sure if runtime bit is set, boot service bit is set also.

   //

   if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {