diff options
| author | Qin Long <qin.long@intel.com> | 2014-11-14 08:41:12 +0000 |
|---|---|---|
| committer | qlong <qlong@Edk2> | 2014-11-14 08:41:12 +0000 |
| commit | 20333c6d566748d7c78c1b546ba8f37c6d253dea (patch) | |
| tree | cdd1196a23f4b41bf0c732ea82b49a86b51ad6de /SecurityPkg/VariableAuthenticated/RuntimeDxe | |
| parent | 2e70cf8ade0dd1e023274f7358c7c72cfd17460c (diff) | |
| download | edk2-platforms-20333c6d566748d7c78c1b546ba8f37c6d253dea.tar.xz | |
UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/RuntimeDxe')
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c | 125 | ||||
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | 65 |
2 files changed, 97 insertions, 93 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 566c5e29a7..3f0698e606 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -9,7 +9,7 @@ Variable attribute should also be checked to avoid authentication bypass.
The whole SMM authentication variable design relies on the integrity of flash part and SMM.
which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
- may not be modified without authorization. If platform fails to protect these resources,
+ may not be modified without authorization. If platform fails to protect these resources,
the authentication service provided in this driver will be broken, and the behavior is undefined.
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
@@ -77,7 +77,10 @@ EFI_SIGNATURE_ITEM mSupportSigItem[] = { {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)},
{EFI_CERT_SHA224_GUID, 0, 28 },
{EFI_CERT_SHA384_GUID, 0, 48 },
- {EFI_CERT_SHA512_GUID, 0, 64 }
+ {EFI_CERT_SHA512_GUID, 0, 64 },
+ {EFI_CERT_X509_SHA256_GUID, 0, 48 },
+ {EFI_CERT_X509_SHA384_GUID, 0, 64 },
+ {EFI_CERT_X509_SHA512_GUID, 0, 80 }
};
/**
@@ -88,7 +91,7 @@ EFI_SIGNATURE_ITEM mSupportSigItem[] = { @retval TRUE This variable is protected, only a physical present user could set this variable.
@retval FALSE This variable is not protected.
-
+
**/
BOOLEAN
NeedPhysicallyPresent(
@@ -100,7 +103,7 @@ NeedPhysicallyPresent( || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
return TRUE;
}
-
+
return FALSE;
}
@@ -122,7 +125,7 @@ InCustomMode ( if (Variable.CurrPtr != NULL && *(GetVariableDataPtr (Variable.CurrPtr)) == CUSTOM_SECURE_BOOT_MODE) {
return TRUE;
}
-
+
return FALSE;
}
@@ -256,7 +259,7 @@ AutenticatedVariableServiceInitialize ( Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
//
- // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
+ // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
// Therefore, there is no memory overflow in underlying CopyMem.
//
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
@@ -269,7 +272,7 @@ AutenticatedVariableServiceInitialize ( } else {
DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));
}
-
+
//
// Create "SetupMode" variable with BS+RT attribute set.
//
@@ -293,7 +296,7 @@ AutenticatedVariableServiceInitialize ( if (EFI_ERROR (Status)) {
return Status;
}
-
+
//
// Create "SignatureSupport" variable with BS+RT attribute set.
//
@@ -390,12 +393,12 @@ AutenticatedVariableServiceInitialize ( if (EFI_ERROR (Status)) {
return Status;
}
-
+
DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));
//
// Check "certdb" variable's existence.
- // If it doesn't exist, then create a new one with
+ // If it doesn't exist, then create a new one with
// EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
@@ -423,7 +426,7 @@ AutenticatedVariableServiceInitialize ( if (EFI_ERROR (Status)) {
return Status;
}
- }
+ }
//
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
@@ -480,7 +483,7 @@ AutenticatedVariableServiceInitialize ( Add public key in store and return its index.
@param[in] PubKey Input pointer to Public Key data
- @param[in] VariableDataEntry The variable data entry
+ @param[in] VariableDataEntry The variable data entry
@return Index of new added item
@@ -543,7 +546,7 @@ AddPubKeyInStore ( //
return 0;
}
-
+
Status = Reclaim (
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
&mVariableModuleGlobal->NonVolatileLastVariableOffset,
@@ -573,7 +576,7 @@ AddPubKeyInStore ( Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
//
- // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
+ // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
// Therefore, there is no memory overflow in underlying CopyMem.
//
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
@@ -581,7 +584,7 @@ AddPubKeyInStore ( if (mPubKeyNumber == mMaxKeyNumber) {
return 0;
- }
+ }
}
//
@@ -656,7 +659,7 @@ VerifyCounterBasedPayload ( UINT8 Digest[SHA256_DIGEST_SIZE];
VOID *Rsa;
UINTN PayloadSize;
-
+
PayloadSize = DataSize - AUTHINFO_SIZE;
Rsa = NULL;
CertData = NULL;
@@ -885,7 +888,7 @@ UpdatePlatformMode ( }
/**
- Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK/db/dbx variable.
+ Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK/db/dbx/dbt variable.
@param[in] VariableName Name of Variable to be check.
@param[in] VendorGuid Variable vendor GUID.
@@ -894,7 +897,7 @@ UpdatePlatformMode ( @return EFI_INVALID_PARAMETER Invalid signature list format.
@return EFI_SUCCESS Passed signature list format check successfully.
-
+
**/
EFI_STATUS
CheckSignatureListFormat(
@@ -921,9 +924,10 @@ CheckSignatureListFormat( if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
IsPk = TRUE;
- } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0) ||
- (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
- (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0 || StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))){
+ } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
+ (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {
IsPk = FALSE;
} else {
return EFI_SUCCESS;
@@ -942,10 +946,10 @@ CheckSignatureListFormat( for (Index = 0; Index < (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM)); Index++ ) {
if (CompareGuid (&SigList->SignatureType, &mSupportSigItem[Index].SigType)) {
//
- // The value of SignatureSize should always be 16 (size of SignatureOwner
+ // The value of SignatureSize should always be 16 (size of SignatureOwner
// component) add the data length according to signature type.
//
- if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
+ if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
(SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {
return EFI_INVALID_PARAMETER;
}
@@ -986,7 +990,7 @@ CheckSignatureListFormat( return EFI_INVALID_PARAMETER;
}
SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
-
+
SigDataSize -= SigList->SignatureListSize;
SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);
}
@@ -1007,7 +1011,7 @@ CheckSignatureListFormat( @return EFI_SUCCESS Variable is updated successfully.
@return Others Failed to update variable.
-
+
**/
EFI_STATUS
VendorKeyIsModified (
@@ -1021,7 +1025,7 @@ VendorKeyIsModified ( return EFI_SUCCESS;
}
mVendorKeyState = VENDOR_KEYS_MODIFIED;
-
+
FindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
Status = UpdateVariable (
EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
@@ -1093,10 +1097,10 @@ ProcessVarWithPk ( UINT8 *Payload;
UINTN PayloadSize;
- if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
+ if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
- // PK, KEK and db/dbx should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
+ // PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
//
return EFI_INVALID_PARAMETER;
@@ -1221,7 +1225,7 @@ ProcessVarWithKek ( if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
- // DB and DBX should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
+ // DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
//
return EFI_INVALID_PARAMETER;
@@ -1253,7 +1257,7 @@ ProcessVarWithKek ( if (EFI_ERROR (Status)) {
return Status;
}
-
+
Status = UpdateVariable (
VariableName,
VendorGuid,
@@ -1338,23 +1342,23 @@ ProcessVariable ( //
return EFI_SECURITY_VIOLATION;
}
-
+
//
// A time-based authenticated variable and a count-based authenticated variable
// can't be updated by each other.
- //
- if (Variable->CurrPtr != NULL) {
+ //
+ if (Variable->CurrPtr != NULL) {
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) &&
((Variable->CurrPtr->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
- return EFI_SECURITY_VIOLATION;
+ return EFI_SECURITY_VIOLATION;
}
-
- if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
+
+ if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
((Variable->CurrPtr->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) {
- return EFI_SECURITY_VIOLATION;
+ return EFI_SECURITY_VIOLATION;
}
}
-
+
//
// Process Time-based Authenticated variable.
//
@@ -1392,7 +1396,7 @@ ProcessVariable ( KeyIndex = Variable->CurrPtr->PubKeyIndex;
IsFirstTime = FALSE;
}
- } else if ((Variable->CurrPtr != NULL) &&
+ } else if ((Variable->CurrPtr != NULL) &&
((Variable->CurrPtr->Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)
) {
//
@@ -1423,7 +1427,7 @@ ProcessVariable ( if (!IsFirstTime) {
//
// 2 cases need to check here
- // 1. Internal PubKey variable. PubKeyIndex is always 0
+ // 1. Internal PubKey variable. PubKeyIndex is always 0
// 2. Other counter-based AuthVariable. Check input PubKey.
//
if (KeyIndex == 0 || CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {
@@ -1478,7 +1482,7 @@ ProcessVariable ( @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.
@param[in] DataSize Size of Data buffer.
- @param[in] FreeBufSize Size of free data buffer
+ @param[in] FreeBufSize Size of free data buffer
@param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.
@param[in] NewDataSize Size of NewData buffer.
@param[out] MergedBufSize Size of the merged buffer
@@ -1714,7 +1718,7 @@ FindCertsFromDb ( //
// Check whether VariableName matches.
//
- if ((NameSize == StrLen (VariableName)) &&
+ if ((NameSize == StrLen (VariableName)) &&
(CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {
Offset = Offset + NameSize * sizeof (CHAR16);
@@ -1723,7 +1727,7 @@ FindCertsFromDb ( }
if (CertDataSize != NULL) {
- *CertDataSize = CertSize;
+ *CertDataSize = CertSize;
}
if (CertNodeOffset != NULL) {
@@ -1744,7 +1748,7 @@ FindCertsFromDb ( }
}
- return EFI_NOT_FOUND;
+ return EFI_NOT_FOUND;
}
/**
@@ -1778,7 +1782,7 @@ GetCertsFromDb ( if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
-
+
//
// Get variable "certdb".
//
@@ -1788,7 +1792,7 @@ GetCertsFromDb ( &CertDbVariable,
&mVariableModuleGlobal->VariableGlobal,
FALSE
- );
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -1851,7 +1855,7 @@ DeleteCertsFromDb ( if ((VariableName == NULL) || (VendorGuid == NULL)) {
return EFI_INVALID_PARAMETER;
}
-
+
//
// Get variable "certdb".
//
@@ -1861,7 +1865,7 @@ DeleteCertsFromDb ( &CertDbVariable,
&mVariableModuleGlobal->VariableGlobal,
FALSE
- );
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -1929,8 +1933,8 @@ DeleteCertsFromDb ( //
// Set "certdb".
- //
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ //
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
@@ -1984,7 +1988,7 @@ InsertCertsToDb ( if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL)) {
return EFI_INVALID_PARAMETER;
}
-
+
//
// Get variable "certdb".
//
@@ -1994,7 +1998,7 @@ InsertCertsToDb ( &CertDbVariable,
&mVariableModuleGlobal->VariableGlobal,
FALSE
- );
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -2030,7 +2034,7 @@ InsertCertsToDb ( // Construct new data content of variable "certdb".
//
NameSize = (UINT32) StrLen (VariableName);
- CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
+ CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
NewCertDbSize = (UINT32) DataSize + CertNodeSize;
if (NewCertDbSize > mMaxCertDbSize) {
return EFI_OUT_OF_RESOURCES;
@@ -2053,7 +2057,7 @@ InsertCertsToDb ( CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));
CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));
CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));
-
+
CopyMem (
(UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA),
VariableName,
@@ -2065,11 +2069,11 @@ InsertCertsToDb ( CertData,
CertDataSize
);
-
+
//
// Set "certdb".
- //
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ //
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
@@ -2349,7 +2353,7 @@ VerifyTimeBasedPayload ( } else if (AuthVarType == AuthVarTypePriv) {
//
- // Process common authenticated variable except PK/KEK/DB/DBX.
+ // Process common authenticated variable except PK/KEK/DB/DBX/DBT.
// Get signer's certificates from SignedData.
//
VerifyStatus = Pkcs7GetSigners (
@@ -2376,7 +2380,7 @@ VerifyTimeBasedPayload ( if (EFI_ERROR (Status)) {
goto Exit;
}
-
+
if ((CertStackSize != CertsSizeinDb) ||
(CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {
goto Exit;
@@ -2419,7 +2423,7 @@ VerifyTimeBasedPayload ( Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
RootCert = Cert->SignatureData;
RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
-
+
// Verify Pkcs7 SignedData via Pkcs7Verify library.
//
VerifyStatus = Pkcs7Verify (
@@ -2469,4 +2473,3 @@ Exit: &CertData->TimeStamp
);
}
-
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index cb0f2baf9d..432531f6df 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -592,14 +592,14 @@ GetEndPointer ( Check the PubKeyIndex is a valid key or not.
- This function will iterate the NV storage to see if this PubKeyIndex is still referenced
+ This function will iterate the NV storage to see if this PubKeyIndex is still referenced
by any valid count-based auth variabe.
-
+
@param[in] PubKeyIndex Index of the public key in public key store.
@retval TRUE The PubKeyIndex is still in use.
@retval FALSE The PubKeyIndex is not referenced by any count-based auth variabe.
-
+
**/
BOOLEAN
IsValidPubKeyIndex (
@@ -617,20 +617,20 @@ IsValidPubKeyIndex ( VariableStoreEnd = GetEndPointer ((VARIABLE_STORE_HEADER *) (UINTN) mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);
while (IsValidVariableHeader (Variable, VariableStoreEnd)) {
- if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) &&
+ if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) &&
Variable->PubKeyIndex == PubKeyIndex) {
return TRUE;
}
Variable = GetNextVariablePtr (Variable);
}
-
+
return FALSE;
}
/**
Get the number of valid public key in PubKeyStore.
-
+
@param[in] PubKeyNumber Number of the public key in public key store.
@return Number of valid public key in PubKeyStore.
@@ -645,13 +645,13 @@ GetValidPubKeyNumber ( UINT32 Counter;
Counter = 0;
-
+
for (PubKeyIndex = 1; PubKeyIndex <= PubKeyNumber; PubKeyIndex++) {
if (IsValidPubKeyIndex (PubKeyIndex)) {
Counter++;
}
}
-
+
return Counter;
}
@@ -659,7 +659,7 @@ GetValidPubKeyNumber ( Filter the useless key in public key store.
- This function will find out all valid public keys in public key database, save them in new allocated
+ This function will find out all valid public keys in public key database, save them in new allocated
buffer NewPubKeyStore, and give the new PubKeyIndex. The caller is responsible for freeing buffer
NewPubKeyIndex and NewPubKeyStore with FreePool().
@@ -668,10 +668,10 @@ GetValidPubKeyNumber ( @param[out] NewPubKeyIndex Point to an array of new PubKeyIndex corresponds to NewPubKeyStore.
@param[out] NewPubKeyStore Saved all valid public keys in PubKeyStore.
@param[out] NewPubKeySize Buffer size of the NewPubKeyStore.
-
+
@retval EFI_SUCCESS Trim operation is complete successfully.
@retval EFI_OUT_OF_RESOURCES No enough memory resources, or no useless key in PubKeyStore.
-
+
**/
EFI_STATUS
PubKeyStoreFilter (
@@ -685,7 +685,7 @@ PubKeyStoreFilter ( UINT32 PubKeyIndex;
UINT32 CopiedKey;
UINT32 NewPubKeyNumber;
-
+
NewPubKeyNumber = GetValidPubKeyNumber (PubKeyNumber);
if (NewPubKeyNumber == PubKeyNumber) {
return EFI_OUT_OF_RESOURCES;
@@ -739,7 +739,7 @@ PubKeyStoreFilter ( @param[in] NewVariable Pointer to new variable.
@param[in] NewVariableSize New variable size.
@param[in] ReclaimPubKeyStore Reclaim for public key database or not.
-
+
@return EFI_SUCCESS Reclaim operation has finished successfully.
@return EFI_OUT_OF_RESOURCES No enough memory resources or variable space.
@return EFI_DEVICE_ERROR The public key database doesn't exist.
@@ -873,7 +873,7 @@ Reclaim ( while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable);
if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
- if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) &&
+ if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) &&
(CompareGuid (&Variable->VendorGuid, &gEfiAuthenticatedVariableGuid))) {
//
// Skip the public key database, it will be reinstalled later.
@@ -882,7 +882,7 @@ Reclaim ( Variable = NextVariable;
continue;
}
-
+
VariableSize = (UINTN) NextVariable - (UINTN) Variable;
CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize);
((VARIABLE_HEADER*) CurrPtr)->PubKeyIndex = NewPubKeyIndex[Variable->PubKeyIndex];
@@ -909,7 +909,7 @@ Reclaim ( Variable->DataSize = NewPubKeySize;
StrCpy (GetVariableNamePtr (Variable), GetVariableNamePtr (PubKeyHeader));
CopyMem (GetVariableDataPtr (Variable), NewPubKeyStore, NewPubKeySize);
- CurrPtr = (UINT8*) GetNextVariablePtr (Variable);
+ CurrPtr = (UINT8*) GetNextVariablePtr (Variable);
CommonVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable;
} else {
//
@@ -1524,7 +1524,7 @@ VariableGetBestLanguage ( @param[in] Attributes Variable attributes for Variable entries.
@param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
- A NULL terminates the list. The VariableSize of
+ A NULL terminates the list. The VariableSize of
VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
It will be changed to variable total size as output.
@@ -1803,7 +1803,7 @@ AutoUpdateLangVariable ( VariableEntry[0].VariableSize = ISO_639_2_ENTRY_SIZE + 1;
VariableEntry[0].Guid = &gEfiGlobalVariableGuid;
VariableEntry[0].Name = EFI_LANG_VARIABLE_NAME;
-
+
VariableEntry[1].VariableSize = AsciiStrSize (BestPlatformLang);
VariableEntry[1].Guid = &gEfiGlobalVariableGuid;
VariableEntry[1].Name = EFI_PLATFORM_LANG_VARIABLE_NAME;
@@ -2009,7 +2009,7 @@ UpdateVariable ( Status = EFI_INVALID_PARAMETER;
goto Done;
}
-
+
//
// Only variable that have RT attributes can be updated/deleted in Runtime.
//
@@ -2103,20 +2103,21 @@ UpdateVariable ( CopyMem (BufferForMerge, (UINT8 *) ((UINTN) Variable->CurrPtr + DataOffset), Variable->CurrPtr->DataSize);
//
- // Set Max Common Variable Data Size as default MaxDataSize
+ // Set Max Common Variable Data Size as default MaxDataSize
//
MaxDataSize = PcdGet32 (PcdMaxVariableSize) - DataOffset;
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
- ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) ||
- (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
+ (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
//
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value.
//
Status = AppendSignatureList (
BufferForMerge,
- Variable->CurrPtr->DataSize,
+ Variable->CurrPtr->DataSize,
MaxDataSize - Variable->CurrPtr->DataSize,
Data,
DataSize,
@@ -2530,8 +2531,8 @@ Done: /**
Check if a Unicode character is a hexadecimal character.
- This function checks if a Unicode character is a
- hexadecimal character. The valid hexadecimal character is
+ This function checks if a Unicode character is a
+ hexadecimal character. The valid hexadecimal character is
L'0' to L'9', L'a' to L'f', or L'A' to L'F'.
@@ -2701,7 +2702,7 @@ VariableLockRequestToLock ( @retval TRUE This variable is read-only variable.
@retval FALSE This variable is NOT read-only variable.
-
+
**/
BOOLEAN
IsReadOnlyVariable (
@@ -2722,7 +2723,7 @@ IsReadOnlyVariable ( return TRUE;
}
}
-
+
return FALSE;
}
@@ -3077,8 +3078,8 @@ VariableServiceSetVariable ( if ((UINTN)(~0) - PayloadSize < StrSize(VariableName)){
//
- // Prevent whole variable size overflow
- //
+ // Prevent whole variable size overflow
+ //
return EFI_INVALID_PARAMETER;
}
@@ -3184,8 +3185,9 @@ VariableServiceSetVariable ( Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);
- } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
- ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
+ } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))
+ || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2)) == 0) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);
@@ -3937,4 +3939,3 @@ GetFvbInfoByAddress ( return Status;
}
-
|