From 89be2b037f11cc64bd14fd5db41dc6e4a2171cdc Mon Sep 17 00:00:00 2001 From: gdong1 Date: Mon, 15 Oct 2012 06:08:22 +0000 Subject: Fix time-based and count-based authenticated variable can be updated by each other without verification. Signed-off-by: Dong Guo Reviewed-by: Ye Ting Reviewed-by: Fu Siyuan git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13848 6f19259b-4bc3-4df7-8a09-765794883524 --- .../VariableAuthenticated/RuntimeDxe/AuthService.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'SecurityPkg') diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index cf8ad99696..6576e681c3 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -1137,6 +1137,22 @@ ProcessVariable ( return EFI_SECURITY_VIOLATION; } + // + // A time-based authenticated variable and a count-based authenticated variable + // can't be updated by each other. + // + if (Variable->CurrPtr != NULL) { + if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) && + ((Variable->CurrPtr->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) { + return EFI_SECURITY_VIOLATION; + } + + if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) && + ((Variable->CurrPtr->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) { + return EFI_SECURITY_VIOLATION; + } + } + // // Process Time-based Authenticated variable. // -- cgit v1.2.3