diff options
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
3 files changed, 32 insertions, 14 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 2663dbe063..96b1f403c3 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -32,9 +32,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ///
/// Global database array for scratch
///
-UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
+UINT8 *mPubKeyStore;
UINT32 mPubKeyNumber;
-UINT8 mCertDbStore[MAX_CERTDB_SIZE];
+UINT32 mMaxKeyNumber;
+UINT32 mMaxKeyDbSize;
+UINT8 *mCertDbStore;
+UINT32 mMaxCertDbSize;
UINT32 mPlatformMode;
UINT8 mVendorKeyState;
@@ -184,6 +187,25 @@ AutenticatedVariableServiceInitialize ( }
//
+ // Reserve runtime buffer for public key database. The size excludes variable header and name size.
+ //
+ mMaxKeyDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME);
+ mMaxKeyNumber = mMaxKeyDbSize / EFI_CERT_TYPE_RSA2048_SIZE;
+ mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);
+ if (mPubKeyStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
+ //
+ mMaxCertDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME);
+ mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
+ if (mCertDbStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
// Prepare runtime buffer for serialized data of time-based authenticated
// Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).
//
@@ -503,7 +525,7 @@ AddPubKeyInStore ( //
// Add public key in database.
//
- if (mPubKeyNumber == MAX_KEY_NUM) {
+ if (mPubKeyNumber == mMaxKeyNumber) {
//
// Public key dadatase is full, try to reclaim invalid key.
//
@@ -545,7 +567,7 @@ AddPubKeyInStore ( CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
- if (mPubKeyNumber == MAX_KEY_NUM) {
+ if (mPubKeyNumber == mMaxKeyNumber) {
return 0;
}
}
@@ -1996,7 +2018,7 @@ InsertCertsToDb ( NameSize = (UINT32) StrLen (VariableName);
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
NewCertDbSize = (UINT32) DataSize + CertNodeSize;
- if (NewCertDbSize > MAX_CERTDB_SIZE) {
+ if (NewCertDbSize > mMaxCertDbSize) {
return EFI_OUT_OF_RESOURCES;
}
NewCertDb = (UINT8*) mCertDbStore;
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h index 745e3c7d8f..6ebc777075 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h @@ -2,7 +2,7 @@ The internal header file includes the common header files, defines
internal structure and functions used by AuthService module.
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -38,18 +38,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
///
-/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
-///
-#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))
-#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
-
-///
/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
///
///
#define EFI_CERT_DB_NAME L"certdb"
-#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))
///
/// Struct to record signature requirement defined by UEFI spec.
@@ -326,7 +319,8 @@ VerifyTimeBasedPayload ( OUT BOOLEAN *VarDel
);
-extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
+extern UINT8 *mPubKeyStore;
+extern UINT8 *mCertDbStore;
extern UINT32 mPubKeyNumber;
extern VOID *mHashCtx;
extern UINT8 *mSerializationRuntimeBuffer;
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c index 949fb64248..d8910b76f8 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c @@ -243,6 +243,8 @@ VariableClassAddressChangeEvent ( EfiConvertPointer (0x0, (VOID **) &mHashCtx);
EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
+ EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
+ EfiConvertPointer (0x0, (VOID **) &mCertDbStore);
//
// in the list of locked variables, convert the name pointers first
|