X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;ds=sidebyside;f=SecurityPkg%2FVariableAuthenticated%2FRuntimeDxe%2FAuthService.c;fp=SecurityPkg%2FVariableAuthenticated%2FRuntimeDxe%2FAuthService.c;h=49d7648f66557f11a1071791529b1fc5be201100;hb=8c83d0c0b9bd102cd905c83b2644a543e9711815;hp=96b1f403c363f0005431a1a7f9404986022c783c;hpb=edb5073413d7b5e60cb69ffd3cb1ccb99decbf6a;p=mirror_edk2.git

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 96b1f403c3..49d7648f66 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -1410,9 +1410,11 @@ ProcessVariable (
 
   if (!IsFirstTime) {
     //
-    // Check input PubKey.
+    // 2 cases need to check here
+    //   1. Internal PubKey variable. PubKeyIndex is always 0 
+    //   2. Other counter-based AuthVariable. Check input PubKey.
     //
-    if (CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {
+    if (KeyIndex == 0 || CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {
       return EFI_SECURITY_VIOLATION;
     }
     //