//\r
// Public Exponent of RSA Key.\r
//\r
-CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
+CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r
\r
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };\r
+CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };\r
\r
//\r
// Requirement for different signature type which have been defined in UEFI spec.\r
// These data are used to perform SignatureList format check while setting PK/KEK variable.\r
//\r
-EFI_SIGNATURE_ITEM mSupportSigItem[] = {\r
-//{SigType, SigHeaderSize, SigDataSize }\r
- {EFI_CERT_SHA256_GUID, 0, 32 },\r
- {EFI_CERT_RSA2048_GUID, 0, 256 },\r
- {EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },\r
- {EFI_CERT_SHA1_GUID, 0, 20 },\r
- {EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },\r
- {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)},\r
- {EFI_CERT_SHA224_GUID, 0, 28 },\r
- {EFI_CERT_SHA384_GUID, 0, 48 },\r
- {EFI_CERT_SHA512_GUID, 0, 64 },\r
- {EFI_CERT_X509_SHA256_GUID, 0, 48 },\r
- {EFI_CERT_X509_SHA384_GUID, 0, 64 },\r
- {EFI_CERT_X509_SHA512_GUID, 0, 80 }\r
+EFI_SIGNATURE_ITEM mSupportSigItem[] = {\r
+ // {SigType, SigHeaderSize, SigDataSize }\r
+ { EFI_CERT_SHA256_GUID, 0, 32 },\r
+ { EFI_CERT_RSA2048_GUID, 0, 256 },\r
+ { EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },\r
+ { EFI_CERT_SHA1_GUID, 0, 20 },\r
+ { EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },\r
+ { EFI_CERT_X509_GUID, 0, ((UINT32) ~0) },\r
+ { EFI_CERT_SHA224_GUID, 0, 28 },\r
+ { EFI_CERT_SHA384_GUID, 0, 48 },\r
+ { EFI_CERT_SHA512_GUID, 0, 64 },\r
+ { EFI_CERT_X509_SHA256_GUID, 0, 48 },\r
+ { EFI_CERT_X509_SHA384_GUID, 0, 64 },\r
+ { EFI_CERT_X509_SHA512_GUID, 0, 80 }\r
};\r
\r
/**\r
**/\r
EFI_STATUS\r
AuthServiceInternalFindVariable (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- OUT VOID **Data,\r
- OUT UINTN *DataSize\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ OUT VOID **Data,\r
+ OUT UINTN *DataSize\r
)\r
{\r
- EFI_STATUS Status;\r
- AUTH_VARIABLE_INFO AuthVariableInfo;\r
+ EFI_STATUS Status;\r
+ AUTH_VARIABLE_INFO AuthVariableInfo;\r
\r
ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));\r
Status = mAuthVarLibContextIn->FindVariable (\r
- VariableName,\r
- VendorGuid,\r
- &AuthVariableInfo\r
- );\r
- *Data = AuthVariableInfo.Data;\r
+ VariableName,\r
+ VendorGuid,\r
+ &AuthVariableInfo\r
+ );\r
+ *Data = AuthVariableInfo.Data;\r
*DataSize = AuthVariableInfo.DataSize;\r
return Status;\r
}\r
**/\r
EFI_STATUS\r
AuthServiceInternalUpdateVariable (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes\r
)\r
{\r
- AUTH_VARIABLE_INFO AuthVariableInfo;\r
+ AUTH_VARIABLE_INFO AuthVariableInfo;\r
\r
ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));\r
AuthVariableInfo.VariableName = VariableName;\r
- AuthVariableInfo.VendorGuid = VendorGuid;\r
- AuthVariableInfo.Data = Data;\r
- AuthVariableInfo.DataSize = DataSize;\r
- AuthVariableInfo.Attributes = Attributes;\r
+ AuthVariableInfo.VendorGuid = VendorGuid;\r
+ AuthVariableInfo.Data = Data;\r
+ AuthVariableInfo.DataSize = DataSize;\r
+ AuthVariableInfo.Attributes = Attributes;\r
\r
return mAuthVarLibContextIn->UpdateVariable (\r
- &AuthVariableInfo\r
- );\r
+ &AuthVariableInfo\r
+ );\r
}\r
\r
/**\r
**/\r
EFI_STATUS\r
AuthServiceInternalUpdateVariableWithTimeStamp (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes,\r
- IN EFI_TIME *TimeStamp\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes,\r
+ IN EFI_TIME *TimeStamp\r
)\r
{\r
- EFI_STATUS FindStatus;\r
- VOID *OrgData;\r
- UINTN OrgDataSize;\r
- AUTH_VARIABLE_INFO AuthVariableInfo;\r
+ EFI_STATUS FindStatus;\r
+ VOID *OrgData;\r
+ UINTN OrgDataSize;\r
+ AUTH_VARIABLE_INFO AuthVariableInfo;\r
\r
FindStatus = AuthServiceInternalFindVariable (\r
VariableName,\r
//\r
if (!EFI_ERROR (FindStatus) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0)) {\r
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
- ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r
- (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||\r
- (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {\r
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||\r
+ (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)))\r
+ {\r
//\r
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of\r
// EFI_SIGNATURE_DATA values that are already part of the existing variable value.\r
\r
ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));\r
AuthVariableInfo.VariableName = VariableName;\r
- AuthVariableInfo.VendorGuid = VendorGuid;\r
- AuthVariableInfo.Data = Data;\r
- AuthVariableInfo.DataSize = DataSize;\r
- AuthVariableInfo.Attributes = Attributes;\r
- AuthVariableInfo.TimeStamp = TimeStamp;\r
+ AuthVariableInfo.VendorGuid = VendorGuid;\r
+ AuthVariableInfo.Data = Data;\r
+ AuthVariableInfo.DataSize = DataSize;\r
+ AuthVariableInfo.Attributes = Attributes;\r
+ AuthVariableInfo.TimeStamp = TimeStamp;\r
return mAuthVarLibContextIn->UpdateVariable (\r
- &AuthVariableInfo\r
- );\r
+ &AuthVariableInfo\r
+ );\r
}\r
\r
/**\r
\r
**/\r
BOOLEAN\r
-NeedPhysicallyPresent(\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
+NeedPhysicallyPresent (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
)\r
{\r
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.\r
- if (IsVariablePolicyEnabled()) {\r
- if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))\r
- || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {\r
+ if (IsVariablePolicyEnabled ()) {\r
+ if ( (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))\r
+ || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0)))\r
+ {\r
return TRUE;\r
}\r
}\r
VOID\r
)\r
{\r
- EFI_STATUS Status;\r
- VOID *Data;\r
- UINTN DataSize;\r
+ EFI_STATUS Status;\r
+ VOID *Data;\r
+ UINTN DataSize;\r
\r
Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize);\r
- if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) {\r
+ if (!EFI_ERROR (Status) && (*(UINT8 *)Data == CUSTOM_SECURE_BOOT_MODE)) {\r
return TRUE;\r
}\r
\r
**/\r
EFI_STATUS\r
UpdatePlatformMode (\r
- IN UINT32 Mode\r
+ IN UINT32 Mode\r
)\r
{\r
- EFI_STATUS Status;\r
- VOID *Data;\r
- UINTN DataSize;\r
- UINT8 SecureBootMode;\r
- UINT8 SecureBootEnable;\r
- UINTN VariableDataSize;\r
+ EFI_STATUS Status;\r
+ VOID *Data;\r
+ UINTN DataSize;\r
+ UINT8 SecureBootMode;\r
+ UINT8 SecureBootEnable;\r
+ UINTN VariableDataSize;\r
\r
Status = AuthServiceInternalFindVariable (\r
EFI_SETUP_MODE_NAME,\r
// Update the value of SetupMode variable by a simple mem copy, this could avoid possible\r
// variable storage reclaim at runtime.\r
//\r
- mPlatformMode = (UINT8) Mode;\r
- CopyMem (Data, &mPlatformMode, sizeof(UINT8));\r
+ mPlatformMode = (UINT8)Mode;\r
+ CopyMem (Data, &mPlatformMode, sizeof (UINT8));\r
\r
if (mAuthVarLibContextIn->AtRuntime ()) {\r
//\r
}\r
}\r
\r
- Status = AuthServiceInternalUpdateVariable (\r
- EFI_SECURE_BOOT_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- &SecureBootMode,\r
- sizeof(UINT8),\r
- EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
- );\r
+ Status = AuthServiceInternalUpdateVariable (\r
+ EFI_SECURE_BOOT_MODE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ &SecureBootMode,\r
+ sizeof (UINT8),\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
+ );\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
if (EFI_ERROR (Status)) {\r
return EFI_SUCCESS;\r
}\r
+\r
SecureBootEnable = SECURE_BOOT_DISABLE;\r
VariableDataSize = 0;\r
}\r
\r
**/\r
EFI_STATUS\r
-CheckSignatureListFormat(\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize\r
+CheckSignatureListFormat (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
)\r
{\r
- EFI_SIGNATURE_LIST *SigList;\r
- UINTN SigDataSize;\r
- UINT32 Index;\r
- UINT32 SigCount;\r
- BOOLEAN IsPk;\r
- VOID *RsaContext;\r
- EFI_SIGNATURE_DATA *CertData;\r
- UINTN CertLen;\r
+ EFI_SIGNATURE_LIST *SigList;\r
+ UINTN SigDataSize;\r
+ UINT32 Index;\r
+ UINT32 SigCount;\r
+ BOOLEAN IsPk;\r
+ VOID *RsaContext;\r
+ EFI_SIGNATURE_DATA *CertData;\r
+ UINTN CertLen;\r
\r
if (DataSize == 0) {\r
return EFI_SUCCESS;\r
\r
ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL);\r
\r
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){\r
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {\r
IsPk = TRUE;\r
} else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||\r
(CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
- ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r
- (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {\r
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))))\r
+ {\r
IsPk = FALSE;\r
} else {\r
return EFI_SUCCESS;\r
}\r
\r
- SigCount = 0;\r
- SigList = (EFI_SIGNATURE_LIST *) Data;\r
- SigDataSize = DataSize;\r
- RsaContext = NULL;\r
+ SigCount = 0;\r
+ SigList = (EFI_SIGNATURE_LIST *)Data;\r
+ SigDataSize = DataSize;\r
+ RsaContext = NULL;\r
\r
//\r
// Walk through the input signature list and check the data format.\r
// The value of SignatureSize should always be 16 (size of SignatureOwner\r
// component) add the data length according to signature type.\r
//\r
- if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&\r
- (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {\r
+ if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) &&\r
+ ((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
- if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&\r
- SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {\r
+\r
+ if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) &&\r
+ (SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize))\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
break;\r
}\r
}\r
if (RsaContext == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);\r
- CertLen = SigList->SignatureSize - sizeof (EFI_GUID);\r
+\r
+ CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);\r
+ CertLen = SigList->SignatureSize - sizeof (EFI_GUID);\r
if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {\r
RsaFree (RsaContext);\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
RsaFree (RsaContext);\r
}\r
\r
if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {\r
return EFI_INVALID_PARAMETER;\r
}\r
+\r
SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;\r
\r
SigDataSize -= SigList->SignatureListSize;\r
- SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);\r
+ SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize);\r
}\r
\r
- if (((UINTN) SigList - (UINTN) Data) != DataSize) {\r
+ if (((UINTN)SigList - (UINTN)Data) != DataSize) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- if (IsPk && SigCount > 1) {\r
+ if (IsPk && (SigCount > 1)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
VOID\r
)\r
{\r
- EFI_STATUS Status;\r
+ EFI_STATUS Status;\r
\r
if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {\r
return EFI_SUCCESS;\r
}\r
+\r
mVendorKeyState = VENDOR_KEYS_MODIFIED;\r
\r
Status = AuthServiceInternalUpdateVariable (\r
**/\r
EFI_STATUS\r
ProcessVarWithPk (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes OPTIONAL,\r
- IN BOOLEAN IsPk\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes OPTIONAL,\r
+ IN BOOLEAN IsPk\r
)\r
{\r
- EFI_STATUS Status;\r
- BOOLEAN Del;\r
- UINT8 *Payload;\r
- UINTN PayloadSize;\r
+ EFI_STATUS Status;\r
+ BOOLEAN Del;\r
+ UINT8 *Payload;\r
+ UINTN PayloadSize;\r
\r
- if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||\r
- (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r
+ if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||\r
+ ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))\r
+ {\r
//\r
// PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based\r
// authenticated variable.\r
// Init state of Del. State may change due to secure check\r
//\r
Del = FALSE;\r
- if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {\r
- Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);\r
+ if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {\r
+ Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);\r
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r
if (PayloadSize == 0) {\r
Del = TRUE;\r
}\r
\r
- Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);\r
+ Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
Payload,\r
PayloadSize,\r
Attributes,\r
- &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp\r
+ &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp\r
);\r
- if (EFI_ERROR(Status)) {\r
+ if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
\r
);\r
}\r
\r
- if (!EFI_ERROR(Status) && IsPk) {\r
- if (mPlatformMode == SETUP_MODE && !Del) {\r
+ if (!EFI_ERROR (Status) && IsPk) {\r
+ if ((mPlatformMode == SETUP_MODE) && !Del) {\r
//\r
// If enroll PK in setup mode, need change to user mode.\r
//\r
Status = UpdatePlatformMode (USER_MODE);\r
- } else if (mPlatformMode == USER_MODE && Del){\r
+ } else if ((mPlatformMode == USER_MODE) && Del) {\r
//\r
// If delete PK in user mode, need change to setup mode.\r
//\r
**/\r
EFI_STATUS\r
ProcessVarWithKek (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes OPTIONAL\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes OPTIONAL\r
)\r
{\r
- EFI_STATUS Status;\r
- UINT8 *Payload;\r
- UINTN PayloadSize;\r
+ EFI_STATUS Status;\r
+ UINT8 *Payload;\r
+ UINTN PayloadSize;\r
\r
- if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||\r
- (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r
+ if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||\r
+ ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))\r
+ {\r
//\r
// DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based\r
// authenticated variable.\r
}\r
\r
Status = EFI_SUCCESS;\r
- if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {\r
+ if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) {\r
//\r
// Time-based, verify against X509 Cert KEK.\r
//\r
//\r
// If in setup mode or custom secure boot mode, no authentication needed.\r
//\r
- Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);\r
+ Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);\r
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r
\r
- Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);\r
+ Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
Payload,\r
PayloadSize,\r
Attributes,\r
- &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp\r
+ &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp\r
);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
**/\r
BOOLEAN\r
IsDeleteAuthVariable (\r
- IN UINT32 OrgAttributes,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes\r
+ IN UINT32 OrgAttributes,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes\r
)\r
{\r
- BOOLEAN Del;\r
- UINTN PayloadSize;\r
+ BOOLEAN Del;\r
+ UINTN PayloadSize;\r
\r
Del = FALSE;\r
\r
// and the DataSize set to the size of the AuthInfo descriptor.\r
//\r
if ((Attributes == OrgAttributes) &&\r
- ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {\r
+ ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))\r
+ {\r
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r
if (PayloadSize == 0) {\r
**/\r
EFI_STATUS\r
ProcessVariable (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes\r
)\r
{\r
- EFI_STATUS Status;\r
- AUTH_VARIABLE_INFO OrgVariableInfo;\r
+ EFI_STATUS Status;\r
+ AUTH_VARIABLE_INFO OrgVariableInfo;\r
\r
- Status = EFI_SUCCESS;\r
+ Status = EFI_SUCCESS;\r
\r
ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));\r
Status = mAuthVarLibContextIn->FindVariable (\r
- VariableName,\r
- VendorGuid,\r
- &OrgVariableInfo\r
- );\r
+ VariableName,\r
+ VendorGuid,\r
+ &OrgVariableInfo\r
+ );\r
\r
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.\r
- if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) {\r
+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent () || !IsVariablePolicyEnabled ())) {\r
//\r
// Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.\r
//\r
Status = AuthServiceInternalUpdateVariable (\r
- VariableName,\r
- VendorGuid,\r
- NULL,\r
- 0,\r
- 0\r
- );\r
+ VariableName,\r
+ VendorGuid,\r
+ NULL,\r
+ 0,\r
+ 0\r
+ );\r
if (!EFI_ERROR (Status) && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {\r
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);\r
}\r
return Status;\r
}\r
\r
- if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {\r
+ if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent ()) {\r
//\r
// This variable is protected, only physical present user could modify its value.\r
//\r
}\r
\r
if ((OrgVariableInfo.Data != NULL) &&\r
- ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {\r
+ ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))\r
+ {\r
//\r
// If the variable is already write-protected, it always needs authentication before update.\r
//\r
//\r
Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);\r
return Status;\r
-\r
}\r
\r
/**\r
**/\r
EFI_STATUS\r
FilterSignatureList (\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN OUT VOID *NewData,\r
- IN OUT UINTN *NewDataSize\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN OUT VOID *NewData,\r
+ IN OUT UINTN *NewDataSize\r
)\r
{\r
- EFI_SIGNATURE_LIST *CertList;\r
- EFI_SIGNATURE_DATA *Cert;\r
- UINTN CertCount;\r
- EFI_SIGNATURE_LIST *NewCertList;\r
- EFI_SIGNATURE_DATA *NewCert;\r
- UINTN NewCertCount;\r
- UINTN Index;\r
- UINTN Index2;\r
- UINTN Size;\r
- UINT8 *Tail;\r
- UINTN CopiedCount;\r
- UINTN SignatureListSize;\r
- BOOLEAN IsNewCert;\r
- UINT8 *TempData;\r
- UINTN TempDataSize;\r
- EFI_STATUS Status;\r
+ EFI_SIGNATURE_LIST *CertList;\r
+ EFI_SIGNATURE_DATA *Cert;\r
+ UINTN CertCount;\r
+ EFI_SIGNATURE_LIST *NewCertList;\r
+ EFI_SIGNATURE_DATA *NewCert;\r
+ UINTN NewCertCount;\r
+ UINTN Index;\r
+ UINTN Index2;\r
+ UINTN Size;\r
+ UINT8 *Tail;\r
+ UINTN CopiedCount;\r
+ UINTN SignatureListSize;\r
+ BOOLEAN IsNewCert;\r
+ UINT8 *TempData;\r
+ UINTN TempDataSize;\r
+ EFI_STATUS Status;\r
\r
if (*NewDataSize == 0) {\r
return EFI_SUCCESS;\r
}\r
\r
TempDataSize = *NewDataSize;\r
- Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData);\r
+ Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **)&TempData);\r
if (EFI_ERROR (Status)) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
Tail = TempData;\r
\r
- NewCertList = (EFI_SIGNATURE_LIST *) NewData;\r
+ NewCertList = (EFI_SIGNATURE_LIST *)NewData;\r
while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) {\r
- NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);\r
+ NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);\r
NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize;\r
\r
CopiedCount = 0;\r
for (Index = 0; Index < NewCertCount; Index++) {\r
IsNewCert = TRUE;\r
\r
- Size = DataSize;\r
- CertList = (EFI_SIGNATURE_LIST *) Data;\r
+ Size = DataSize;\r
+ CertList = (EFI_SIGNATURE_LIST *)Data;\r
while ((Size > 0) && (Size >= CertList->SignatureListSize)) {\r
if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&\r
- (CertList->SignatureSize == NewCertList->SignatureSize)) {\r
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+ (CertList->SignatureSize == NewCertList->SignatureSize))\r
+ {\r
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
for (Index2 = 0; Index2 < CertCount; Index2++) {\r
//\r
IsNewCert = FALSE;\r
break;\r
}\r
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
+\r
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);\r
}\r
}\r
\r
if (!IsNewCert) {\r
break;\r
}\r
- Size -= CertList->SignatureListSize;\r
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+\r
+ Size -= CertList->SignatureListSize;\r
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);\r
}\r
\r
if (IsNewCert) {\r
CopiedCount++;\r
}\r
\r
- NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize);\r
+ NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCert + NewCertList->SignatureSize);\r
}\r
\r
//\r
// Update SignatureListSize in the kept EFI_SIGNATURE_LIST.\r
//\r
if (CopiedCount != 0) {\r
- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);\r
- CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize);\r
- CertList->SignatureListSize = (UINT32) SignatureListSize;\r
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);\r
+ CertList = (EFI_SIGNATURE_LIST *)(Tail - SignatureListSize);\r
+ CertList->SignatureListSize = (UINT32)SignatureListSize;\r
}\r
\r
*NewDataSize -= NewCertList->SignatureListSize;\r
- NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize);\r
+ NewCertList = (EFI_SIGNATURE_LIST *)((UINT8 *)NewCertList + NewCertList->SignatureListSize);\r
}\r
\r
- TempDataSize = (Tail - (UINT8 *) TempData);\r
+ TempDataSize = (Tail - (UINT8 *)TempData);\r
\r
CopyMem (NewData, TempData, TempDataSize);\r
*NewDataSize = TempDataSize;\r
**/\r
BOOLEAN\r
AuthServiceInternalCompareTimeStamp (\r
- IN EFI_TIME *FirstTime,\r
- IN EFI_TIME *SecondTime\r
+ IN EFI_TIME *FirstTime,\r
+ IN EFI_TIME *SecondTime\r
)\r
{\r
if (FirstTime->Year != SecondTime->Year) {\r
- return (BOOLEAN) (FirstTime->Year < SecondTime->Year);\r
+ return (BOOLEAN)(FirstTime->Year < SecondTime->Year);\r
} else if (FirstTime->Month != SecondTime->Month) {\r
- return (BOOLEAN) (FirstTime->Month < SecondTime->Month);\r
+ return (BOOLEAN)(FirstTime->Month < SecondTime->Month);\r
} else if (FirstTime->Day != SecondTime->Day) {\r
- return (BOOLEAN) (FirstTime->Day < SecondTime->Day);\r
+ return (BOOLEAN)(FirstTime->Day < SecondTime->Day);\r
} else if (FirstTime->Hour != SecondTime->Hour) {\r
- return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour);\r
+ return (BOOLEAN)(FirstTime->Hour < SecondTime->Hour);\r
} else if (FirstTime->Minute != SecondTime->Minute) {\r
- return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute);\r
+ return (BOOLEAN)(FirstTime->Minute < SecondTime->Minute);\r
}\r
\r
- return (BOOLEAN) (FirstTime->Second <= SecondTime->Second);\r
+ return (BOOLEAN)(FirstTime->Second <= SecondTime->Second);\r
}\r
\r
/**\r
\r
**/\r
EFI_STATUS\r
-CalculatePrivAuthVarSignChainSHA256Digest(\r
- IN UINT8 *SignerCert,\r
- IN UINTN SignerCertSize,\r
- IN UINT8 *TopLevelCert,\r
- IN UINTN TopLevelCertSize,\r
- OUT UINT8 *Sha256Digest\r
+CalculatePrivAuthVarSignChainSHA256Digest (\r
+ IN UINT8 *SignerCert,\r
+ IN UINTN SignerCertSize,\r
+ IN UINT8 *TopLevelCert,\r
+ IN UINTN TopLevelCertSize,\r
+ OUT UINT8 *Sha256Digest\r
)\r
{\r
- UINT8 *TbsCert;\r
- UINTN TbsCertSize;\r
- CHAR8 CertCommonName[128];\r
- UINTN CertCommonNameSize;\r
- BOOLEAN CryptoStatus;\r
- EFI_STATUS Status;\r
+ UINT8 *TbsCert;\r
+ UINTN TbsCertSize;\r
+ CHAR8 CertCommonName[128];\r
+ UINTN CertCommonNameSize;\r
+ BOOLEAN CryptoStatus;\r
+ EFI_STATUS Status;\r
\r
- CertCommonNameSize = sizeof(CertCommonName);\r
+ CertCommonNameSize = sizeof (CertCommonName);\r
\r
//\r
// Get SignerCert CommonName\r
//\r
- Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);\r
- if (EFI_ERROR(Status)) {\r
- DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));\r
+ Status = X509GetCommonName (SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));\r
return EFI_ABORTED;\r
}\r
\r
//\r
// Get TopLevelCert tbsCertificate\r
//\r
- if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {\r
- DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));\r
+ if (!X509GetTBSCert (TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {\r
+ DEBUG ((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));\r
return EFI_ABORTED;\r
}\r
\r
return EFI_ABORTED;\r
}\r
\r
- CryptoStatus = Sha256Final (mHashCtx, Sha256Digest);\r
+ CryptoStatus = Sha256Final (mHashCtx, Sha256Digest);\r
if (!CryptoStatus) {\r
return EFI_ABORTED;\r
}\r
**/\r
EFI_STATUS\r
FindCertsFromDb (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN UINT8 *Data,\r
- IN UINTN DataSize,\r
- OUT UINT32 *CertOffset OPTIONAL,\r
- OUT UINT32 *CertDataSize OPTIONAL,\r
- OUT UINT32 *CertNodeOffset OPTIONAL,\r
- OUT UINT32 *CertNodeSize OPTIONAL\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT8 *Data,\r
+ IN UINTN DataSize,\r
+ OUT UINT32 *CertOffset OPTIONAL,\r
+ OUT UINT32 *CertDataSize OPTIONAL,\r
+ OUT UINT32 *CertNodeOffset OPTIONAL,\r
+ OUT UINT32 *CertNodeSize OPTIONAL\r
)\r
{\r
- UINT32 Offset;\r
- AUTH_CERT_DB_DATA *Ptr;\r
- UINT32 CertSize;\r
- UINT32 NameSize;\r
- UINT32 NodeSize;\r
- UINT32 CertDbListSize;\r
+ UINT32 Offset;\r
+ AUTH_CERT_DB_DATA *Ptr;\r
+ UINT32 CertSize;\r
+ UINT32 NameSize;\r
+ UINT32 NodeSize;\r
+ UINT32 CertDbListSize;\r
\r
if ((VariableName == NULL) || (VendorGuid == NULL) || (Data == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
- CertDbListSize = ReadUnaligned32 ((UINT32 *) Data);\r
+ CertDbListSize = ReadUnaligned32 ((UINT32 *)Data);\r
\r
- if (CertDbListSize != (UINT32) DataSize) {\r
+ if (CertDbListSize != (UINT32)DataSize) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Get corresponding certificates by VendorGuid and VariableName.\r
//\r
- while (Offset < (UINT32) DataSize) {\r
- Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);\r
+ while (Offset < (UINT32)DataSize) {\r
+ Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);\r
//\r
// Check whether VendorGuid matches.\r
//\r
CertSize = ReadUnaligned32 (&Ptr->CertDataSize);\r
\r
if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +\r
- sizeof (CHAR16) * NameSize) {\r
+ sizeof (CHAR16) * NameSize)\r
+ {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// Check whether VariableName matches.\r
//\r
if ((NameSize == StrLen (VariableName)) &&\r
- (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {\r
+ (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0))\r
+ {\r
Offset = Offset + NameSize * sizeof (CHAR16);\r
\r
if (CertOffset != NULL) {\r
}\r
\r
if (CertNodeOffset != NULL) {\r
- *CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data);\r
+ *CertNodeOffset = (UINT32)((UINT8 *)Ptr - Data);\r
}\r
\r
if (CertNodeSize != NULL) {\r
**/\r
EFI_STATUS\r
GetCertsFromDb (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN UINT32 Attributes,\r
- OUT UINT8 **CertData,\r
- OUT UINT32 *CertDataSize\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT32 Attributes,\r
+ OUT UINT8 **CertData,\r
+ OUT UINT32 *CertDataSize\r
)\r
{\r
- EFI_STATUS Status;\r
- UINT8 *Data;\r
- UINTN DataSize;\r
- UINT32 CertOffset;\r
- CHAR16 *DbName;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+ UINT32 CertOffset;\r
+ CHAR16 *DbName;\r
\r
if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
-\r
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
//\r
// Get variable "certdb".\r
Status = AuthServiceInternalFindVariable (\r
DbName,\r
&gEfiCertDbGuid,\r
- (VOID **) &Data,\r
+ (VOID **)&Data,\r
&DataSize\r
);\r
if (EFI_ERROR (Status)) {\r
**/\r
EFI_STATUS\r
DeleteCertsFromDb (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN UINT32 Attributes\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT32 Attributes\r
)\r
{\r
- EFI_STATUS Status;\r
- UINT8 *Data;\r
- UINTN DataSize;\r
- UINT32 VarAttr;\r
- UINT32 CertNodeOffset;\r
- UINT32 CertNodeSize;\r
- UINT8 *NewCertDb;\r
- UINT32 NewCertDbSize;\r
- CHAR16 *DbName;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+ UINT32 VarAttr;\r
+ UINT32 CertNodeOffset;\r
+ UINT32 CertNodeSize;\r
+ UINT8 *NewCertDb;\r
+ UINT32 NewCertDbSize;\r
+ CHAR16 *DbName;\r
\r
if ((VariableName == NULL) || (VendorGuid == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
//\r
// Get variable "certdb".\r
//\r
- DbName = EFI_CERT_DB_NAME;\r
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
+ DbName = EFI_CERT_DB_NAME;\r
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
} else {\r
//\r
// Get variable "certdbv".\r
//\r
- DbName = EFI_CERT_DB_VOLATILE_NAME;\r
+ DbName = EFI_CERT_DB_VOLATILE_NAME;\r
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
}\r
\r
Status = AuthServiceInternalFindVariable (\r
DbName,\r
&gEfiCertDbGuid,\r
- (VOID **) &Data,\r
+ (VOID **)&Data,\r
&DataSize\r
);\r
\r
//\r
// Construct new data content of variable "certdb" or "certdbv".\r
//\r
- NewCertDbSize = (UINT32) DataSize - CertNodeSize;\r
- NewCertDb = (UINT8*) mCertDbStore;\r
+ NewCertDbSize = (UINT32)DataSize - CertNodeSize;\r
+ NewCertDb = (UINT8 *)mCertDbStore;\r
\r
//\r
// Copy the DB entries before deleting node.\r
//\r
// Set "certdb" or "certdbv".\r
//\r
- Status = AuthServiceInternalUpdateVariable (\r
- DbName,\r
- &gEfiCertDbGuid,\r
- NewCertDb,\r
- NewCertDbSize,\r
- VarAttr\r
- );\r
+ Status = AuthServiceInternalUpdateVariable (\r
+ DbName,\r
+ &gEfiCertDbGuid,\r
+ NewCertDb,\r
+ NewCertDbSize,\r
+ VarAttr\r
+ );\r
\r
return Status;\r
}\r
**/\r
EFI_STATUS\r
InsertCertsToDb (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN UINT32 Attributes,\r
- IN UINT8 *SignerCert,\r
- IN UINTN SignerCertSize,\r
- IN UINT8 *TopLevelCert,\r
- IN UINTN TopLevelCertSize\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT32 Attributes,\r
+ IN UINT8 *SignerCert,\r
+ IN UINTN SignerCertSize,\r
+ IN UINT8 *TopLevelCert,\r
+ IN UINTN TopLevelCertSize\r
)\r
{\r
- EFI_STATUS Status;\r
- UINT8 *Data;\r
- UINTN DataSize;\r
- UINT32 VarAttr;\r
- UINT8 *NewCertDb;\r
- UINT32 NewCertDbSize;\r
- UINT32 CertNodeSize;\r
- UINT32 NameSize;\r
- UINT32 CertDataSize;\r
- AUTH_CERT_DB_DATA *Ptr;\r
- CHAR16 *DbName;\r
- UINT8 Sha256Digest[SHA256_DIGEST_SIZE];\r
-\r
- if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) ||(TopLevelCert == NULL)) {\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+ UINT32 VarAttr;\r
+ UINT8 *NewCertDb;\r
+ UINT32 NewCertDbSize;\r
+ UINT32 CertNodeSize;\r
+ UINT32 NameSize;\r
+ UINT32 CertDataSize;\r
+ AUTH_CERT_DB_DATA *Ptr;\r
+ CHAR16 *DbName;\r
+ UINT8 Sha256Digest[SHA256_DIGEST_SIZE];\r
+\r
+ if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) || (TopLevelCert == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
//\r
// Get variable "certdb".\r
//\r
- DbName = EFI_CERT_DB_NAME;\r
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
+ DbName = EFI_CERT_DB_NAME;\r
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
} else {\r
//\r
// Get variable "certdbv".\r
//\r
- DbName = EFI_CERT_DB_VOLATILE_NAME;\r
+ DbName = EFI_CERT_DB_VOLATILE_NAME;\r
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
}\r
\r
Status = AuthServiceInternalFindVariable (\r
DbName,\r
&gEfiCertDbGuid,\r
- (VOID **) &Data,\r
+ (VOID **)&Data,\r
&DataSize\r
);\r
if (EFI_ERROR (Status)) {\r
//\r
// Construct new data content of variable "certdb" or "certdbv".\r
//\r
- NameSize = (UINT32) StrLen (VariableName);\r
- CertDataSize = sizeof(Sha256Digest);\r
- CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);\r
- NewCertDbSize = (UINT32) DataSize + CertNodeSize;\r
+ NameSize = (UINT32)StrLen (VariableName);\r
+ CertDataSize = sizeof (Sha256Digest);\r
+ CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32)CertDataSize + NameSize * sizeof (CHAR16);\r
+ NewCertDbSize = (UINT32)DataSize + CertNodeSize;\r
if (NewCertDbSize > mMaxCertDbSize) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- Status = CalculatePrivAuthVarSignChainSHA256Digest(\r
+ Status = CalculatePrivAuthVarSignChainSHA256Digest (\r
SignerCert,\r
SignerCertSize,\r
TopLevelCert,\r
return Status;\r
}\r
\r
- NewCertDb = (UINT8*) mCertDbStore;\r
+ NewCertDb = (UINT8 *)mCertDbStore;\r
\r
//\r
// Copy the DB entries before inserting node.\r
//\r
// Construct new cert node.\r
//\r
- Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize);\r
+ Ptr = (AUTH_CERT_DB_DATA *)(NewCertDb + DataSize);\r
CopyGuid (&Ptr->VendorGuid, VendorGuid);\r
CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));\r
CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));\r
CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));\r
\r
CopyMem (\r
- (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA),\r
+ (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA),\r
VariableName,\r
NameSize * sizeof (CHAR16)\r
);\r
\r
CopyMem (\r
- (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),\r
+ (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),\r
Sha256Digest,\r
CertDataSize\r
);\r
//\r
// Set "certdb" or "certdbv".\r
//\r
- Status = AuthServiceInternalUpdateVariable (\r
- DbName,\r
- &gEfiCertDbGuid,\r
- NewCertDb,\r
- NewCertDbSize,\r
- VarAttr\r
- );\r
+ Status = AuthServiceInternalUpdateVariable (\r
+ DbName,\r
+ &gEfiCertDbGuid,\r
+ NewCertDb,\r
+ NewCertDbSize,\r
+ VarAttr\r
+ );\r
\r
return Status;\r
}\r
VOID\r
)\r
{\r
- UINT32 Offset;\r
- AUTH_CERT_DB_DATA *Ptr;\r
- UINT32 NameSize;\r
- UINT32 NodeSize;\r
- CHAR16 *VariableName;\r
- EFI_STATUS Status;\r
- BOOLEAN CertCleaned;\r
- UINT8 *Data;\r
- UINTN DataSize;\r
- EFI_GUID AuthVarGuid;\r
- AUTH_VARIABLE_INFO AuthVariableInfo;\r
+ UINT32 Offset;\r
+ AUTH_CERT_DB_DATA *Ptr;\r
+ UINT32 NameSize;\r
+ UINT32 NodeSize;\r
+ CHAR16 *VariableName;\r
+ EFI_STATUS Status;\r
+ BOOLEAN CertCleaned;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+ EFI_GUID AuthVarGuid;\r
+ AUTH_VARIABLE_INFO AuthVariableInfo;\r
\r
Status = EFI_SUCCESS;\r
\r
Status = AuthServiceInternalFindVariable (\r
EFI_CERT_DB_NAME,\r
&gEfiCertDbGuid,\r
- (VOID **) &Data,\r
+ (VOID **)&Data,\r
&DataSize\r
);\r
if (EFI_ERROR (Status)) {\r
\r
Offset = sizeof (UINT32);\r
\r
- while (Offset < (UINT32) DataSize) {\r
- Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);\r
+ while (Offset < (UINT32)DataSize) {\r
+ Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);\r
NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);\r
NameSize = ReadUnaligned32 (&Ptr->NameSize);\r
\r
//\r
// Get VarName tailed with '\0'\r
//\r
- VariableName = AllocateZeroPool((NameSize + 1) * sizeof(CHAR16));\r
+ VariableName = AllocateZeroPool ((NameSize + 1) * sizeof (CHAR16));\r
if (VariableName == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
- CopyMem (VariableName, (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof(CHAR16));\r
+\r
+ CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16));\r
//\r
// Keep VarGuid aligned\r
//\r
- CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof(EFI_GUID));\r
+ CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof (EFI_GUID));\r
\r
//\r
// Find corresponding time auth variable\r
&AuthVariableInfo\r
);\r
\r
- if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r
+ if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {\r
//\r
// While cleaning certdb, always delete the variable in certdb regardless of it attributes.\r
//\r
- Status = DeleteCertsFromDb(\r
- VariableName,\r
- &AuthVarGuid,\r
- AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE\r
- );\r
+ Status = DeleteCertsFromDb (\r
+ VariableName,\r
+ &AuthVarGuid,\r
+ AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE\r
+ );\r
CertCleaned = TRUE;\r
- DEBUG((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));\r
- FreePool(VariableName);\r
+ DEBUG ((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));\r
+ FreePool (VariableName);\r
break;\r
}\r
\r
- FreePool(VariableName);\r
+ FreePool (VariableName);\r
Offset = Offset + NodeSize;\r
}\r
} while (CertCleaned);\r
**/\r
EFI_STATUS\r
VerifyTimeBasedPayload (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes,\r
- IN AUTHVAR_TYPE AuthVarType,\r
- IN EFI_TIME *OrgTimeStamp,\r
- OUT UINT8 **VarPayloadPtr,\r
- OUT UINTN *VarPayloadSize\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes,\r
+ IN AUTHVAR_TYPE AuthVarType,\r
+ IN EFI_TIME *OrgTimeStamp,\r
+ OUT UINT8 **VarPayloadPtr,\r
+ OUT UINTN *VarPayloadSize\r
)\r
{\r
- EFI_VARIABLE_AUTHENTICATION_2 *CertData;\r
- UINT8 *SigData;\r
- UINT32 SigDataSize;\r
- UINT8 *PayloadPtr;\r
- UINTN PayloadSize;\r
- UINT32 Attr;\r
- BOOLEAN VerifyStatus;\r
- EFI_STATUS Status;\r
- EFI_SIGNATURE_LIST *CertList;\r
- EFI_SIGNATURE_DATA *Cert;\r
- UINTN Index;\r
- UINTN CertCount;\r
- UINT32 KekDataSize;\r
- UINT8 *NewData;\r
- UINTN NewDataSize;\r
- UINT8 *Buffer;\r
- UINTN Length;\r
- UINT8 *TopLevelCert;\r
- UINTN TopLevelCertSize;\r
- UINT8 *TrustedCert;\r
- UINTN TrustedCertSize;\r
- UINT8 *SignerCerts;\r
- UINTN CertStackSize;\r
- UINT8 *CertsInCertDb;\r
- UINT32 CertsSizeinDb;\r
- UINT8 Sha256Digest[SHA256_DIGEST_SIZE];\r
- EFI_CERT_DATA *CertDataPtr;\r
+ EFI_VARIABLE_AUTHENTICATION_2 *CertData;\r
+ UINT8 *SigData;\r
+ UINT32 SigDataSize;\r
+ UINT8 *PayloadPtr;\r
+ UINTN PayloadSize;\r
+ UINT32 Attr;\r
+ BOOLEAN VerifyStatus;\r
+ EFI_STATUS Status;\r
+ EFI_SIGNATURE_LIST *CertList;\r
+ EFI_SIGNATURE_DATA *Cert;\r
+ UINTN Index;\r
+ UINTN CertCount;\r
+ UINT32 KekDataSize;\r
+ UINT8 *NewData;\r
+ UINTN NewDataSize;\r
+ UINT8 *Buffer;\r
+ UINTN Length;\r
+ UINT8 *TopLevelCert;\r
+ UINTN TopLevelCertSize;\r
+ UINT8 *TrustedCert;\r
+ UINTN TrustedCertSize;\r
+ UINT8 *SignerCerts;\r
+ UINTN CertStackSize;\r
+ UINT8 *CertsInCertDb;\r
+ UINT32 CertsSizeinDb;\r
+ UINT8 Sha256Digest[SHA256_DIGEST_SIZE];\r
+ EFI_CERT_DATA *CertDataPtr;\r
\r
//\r
// 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain\r
// 2. TrustedCert is the certificate which firmware trusts. It could be saved in protected\r
// storage or PK payload on PK init\r
//\r
- VerifyStatus = FALSE;\r
- CertData = NULL;\r
- NewData = NULL;\r
- Attr = Attributes;\r
- SignerCerts = NULL;\r
- TopLevelCert = NULL;\r
- CertsInCertDb = NULL;\r
- CertDataPtr = NULL;\r
+ VerifyStatus = FALSE;\r
+ CertData = NULL;\r
+ NewData = NULL;\r
+ Attr = Attributes;\r
+ SignerCerts = NULL;\r
+ TopLevelCert = NULL;\r
+ CertsInCertDb = NULL;\r
+ CertDataPtr = NULL;\r
\r
//\r
// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is\r
// variable value. The authentication descriptor is not part of the variable data and is not\r
// returned by subsequent calls to GetVariable().\r
//\r
- CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;\r
+ CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;\r
\r
//\r
// Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the\r
(CertData->TimeStamp.Nanosecond != 0) ||\r
(CertData->TimeStamp.TimeZone != 0) ||\r
(CertData->TimeStamp.Daylight != 0) ||\r
- (CertData->TimeStamp.Pad2 != 0)) {\r
+ (CertData->TimeStamp.Pad2 != 0))\r
+ {\r
return EFI_SECURITY_VIOLATION;\r
}\r
\r
// Cert type should be EFI_CERT_TYPE_PKCS7_GUID.\r
//\r
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||\r
- !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {\r
+ !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid))\r
+ {\r
//\r
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.\r
//\r
// Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.\r
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.\r
//\r
- SigData = CertData->AuthInfo.CertData;\r
- SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));\r
+ SigData = CertData->AuthInfo.CertData;\r
+ SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));\r
\r
//\r
// SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the\r
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {\r
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||\r
- (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
+ (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0))\r
+ {\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
}\r
}\r
\r
//\r
// Find out the new data payload which follows Pkcs7 SignedData directly.\r
//\r
- PayloadPtr = SigData + SigDataSize;\r
- PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;\r
+ PayloadPtr = SigData + SigDataSize;\r
+ PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize;\r
\r
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.\r
- if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {\r
+ if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {\r
VerifyStatus = TRUE;\r
goto Exit;\r
}\r
// because it is only used at here to do verification temporarily first\r
// and then used in UpdateVariable() for a time based auth variable set.\r
//\r
- Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData);\r
+ Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **)&NewData);\r
if (EFI_ERROR (Status)) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
VerifyStatus = FALSE;\r
goto Exit;\r
}\r
- CertList = (EFI_SIGNATURE_LIST *) Data;\r
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+\r
+ CertList = (EFI_SIGNATURE_LIST *)Data;\r
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||\r
- (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) {\r
+ (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0))\r
+ {\r
VerifyStatus = FALSE;\r
goto Exit;\r
}\r
NewData,\r
NewDataSize\r
);\r
-\r
} else if (AuthVarType == AuthVarTypeKek) {\r
-\r
//\r
// Get KEK database from variable.\r
//\r
//\r
// Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList.\r
//\r
- KekDataSize = (UINT32) DataSize;\r
- CertList = (EFI_SIGNATURE_LIST *) Data;\r
+ KekDataSize = (UINT32)DataSize;\r
+ CertList = (EFI_SIGNATURE_LIST *)Data;\r
while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {\r
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
for (Index = 0; Index < CertCount; Index++) {\r
//\r
// Iterate each Signature Data Node within this CertList for a verify\r
//\r
- TrustedCert = Cert->SignatureData;\r
- TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);\r
+ TrustedCert = Cert->SignatureData;\r
+ TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);\r
\r
//\r
// Verify Pkcs7 SignedData via Pkcs7Verify library.\r
if (VerifyStatus) {\r
goto Exit;\r
}\r
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
+\r
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);\r
}\r
}\r
+\r
KekDataSize -= CertList->SignatureListSize;\r
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);\r
}\r
} else if (AuthVarType == AuthVarTypePriv) {\r
-\r
//\r
// Process common authenticated variable except PK/KEK/DB/DBX/DBT.\r
// Get signer's certificates from SignedData.\r
// Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb\r
//\r
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);\r
- Status = CalculatePrivAuthVarSignChainSHA256Digest(\r
- CertDataPtr->CertDataBuffer,\r
- ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),\r
- TopLevelCert,\r
- TopLevelCertSize,\r
- Sha256Digest\r
- );\r
- if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){\r
+ Status = CalculatePrivAuthVarSignChainSHA256Digest (\r
+ CertDataPtr->CertDataBuffer,\r
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),\r
+ TopLevelCert,\r
+ TopLevelCertSize,\r
+ Sha256Digest\r
+ );\r
+ if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) {\r
goto Exit;\r
}\r
} else {\r
- //\r
- // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb\r
- //\r
- if ((CertStackSize != CertsSizeinDb) ||\r
- (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {\r
- goto Exit;\r
- }\r
+ //\r
+ // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb\r
+ //\r
+ if ((CertStackSize != CertsSizeinDb) ||\r
+ (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0))\r
+ {\r
+ goto Exit;\r
+ }\r
}\r
}\r
\r
// When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer\r
//\r
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);\r
- Status = InsertCertsToDb (\r
- VariableName,\r
- VendorGuid,\r
- Attributes,\r
- CertDataPtr->CertDataBuffer,\r
- ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),\r
- TopLevelCert,\r
- TopLevelCertSize\r
- );\r
+ Status = InsertCertsToDb (\r
+ VariableName,\r
+ VendorGuid,\r
+ Attributes,\r
+ CertDataPtr->CertDataBuffer,\r
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),\r
+ TopLevelCert,\r
+ TopLevelCertSize\r
+ );\r
if (EFI_ERROR (Status)) {\r
VerifyStatus = FALSE;\r
goto Exit;\r
}\r
}\r
} else if (AuthVarType == AuthVarTypePayload) {\r
- CertList = (EFI_SIGNATURE_LIST *) PayloadPtr;\r
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
+ CertList = (EFI_SIGNATURE_LIST *)PayloadPtr;\r
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
TrustedCert = Cert->SignatureData;\r
TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);\r
//\r
\r
Exit:\r
\r
- if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {\r
+ if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) {\r
if (TopLevelCert != NULL) {\r
- Pkcs7FreeSigners (TopLevelCert);\r
+ Pkcs7FreeSigners (TopLevelCert);\r
}\r
+\r
if (SignerCerts != NULL) {\r
- Pkcs7FreeSigners (SignerCerts);\r
+ Pkcs7FreeSigners (SignerCerts);\r
}\r
}\r
\r
return EFI_SECURITY_VIOLATION;\r
}\r
\r
- Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize);\r
+ Status = CheckSignatureListFormat (VariableName, VendorGuid, PayloadPtr, PayloadSize);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
\r
- *VarPayloadPtr = PayloadPtr;\r
+ *VarPayloadPtr = PayloadPtr;\r
*VarPayloadSize = PayloadSize;\r
\r
return EFI_SUCCESS;\r
**/\r
EFI_STATUS\r
VerifyTimeBasedPayloadAndUpdate (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes,\r
- IN AUTHVAR_TYPE AuthVarType,\r
- OUT BOOLEAN *VarDel\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes,\r
+ IN AUTHVAR_TYPE AuthVarType,\r
+ OUT BOOLEAN *VarDel\r
)\r
{\r
- EFI_STATUS Status;\r
- EFI_STATUS FindStatus;\r
- UINT8 *PayloadPtr;\r
- UINTN PayloadSize;\r
- EFI_VARIABLE_AUTHENTICATION_2 *CertData;\r
- AUTH_VARIABLE_INFO OrgVariableInfo;\r
- BOOLEAN IsDel;\r
+ EFI_STATUS Status;\r
+ EFI_STATUS FindStatus;\r
+ UINT8 *PayloadPtr;\r
+ UINTN PayloadSize;\r
+ EFI_VARIABLE_AUTHENTICATION_2 *CertData;\r
+ AUTH_VARIABLE_INFO OrgVariableInfo;\r
+ BOOLEAN IsDel;\r
\r
ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));\r
FindStatus = mAuthVarLibContextIn->FindVariable (\r
- VariableName,\r
- VendorGuid,\r
- &OrgVariableInfo\r
- );\r
+ VariableName,\r
+ VendorGuid,\r
+ &OrgVariableInfo\r
+ );\r
\r
Status = VerifyTimeBasedPayload (\r
VariableName,\r
return Status;\r
}\r
\r
- if (!EFI_ERROR(FindStatus)\r
- && (PayloadSize == 0)\r
- && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {\r
+ if ( !EFI_ERROR (FindStatus)\r
+ && (PayloadSize == 0)\r
+ && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0))\r
+ {\r
IsDel = TRUE;\r
} else {\r
IsDel = FALSE;\r
}\r
\r
- CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;\r
+ CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;\r
\r
//\r
// Final step: Update/Append Variable if it pass Pkcs7Verify\r
//\r
// Delete signer's certificates when delete the common authenticated variable.\r
//\r
- if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) {\r
+ if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) {\r
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);\r
}\r
\r
if (VarDel != NULL) {\r
- if (IsDel && !EFI_ERROR(Status)) {\r
+ if (IsDel && !EFI_ERROR (Status)) {\r
*VarDel = TRUE;\r
} else {\r
*VarDel = FALSE;\r
projects / mirror_edk2.git / blobdiff