may not be modified without authorization. If platform fails to protect these resources,\r
the authentication service provided in this driver will be broken, and the behavior is undefined.\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#pragma pack()\r
\r
///\r
-/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
-/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|EFI_VARIABLE_NON_VOLATILE set.\r
+/// "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
///\r
/// GUID: gEfiCertDbGuid\r
///\r
/// | AUTH_CERT_DB_DATA | <-- Last CERT\r
/// +----------------------------+\r
///\r
-#define EFI_CERT_DB_NAME L"certdb"\r
+#define EFI_CERT_DB_NAME L"certdb"\r
+#define EFI_CERT_DB_VOLATILE_NAME L"certdbv"\r
\r
#pragma pack(1)\r
typedef struct {\r
extern UINT32 mMaxCertDbSize;\r
extern UINT32 mPlatformMode;\r
extern UINT8 mVendorKeyState;\r
+extern BOOLEAN mUserPhysicalPresent;\r
\r
extern VOID *mHashCtx;\r
\r
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;\r
\r
+\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
\r
/**\r
Delete matching signer's certificates when deleting common authenticated\r
- variable by corresponding VariableName and VendorGuid from "certdb".\r
+ variable by corresponding VariableName and VendorGuid from "certdb" or \r
+ "certdbv" according to authenticated variable attributes.\r
\r
@param[in] VariableName Name of authenticated Variable.\r
@param[in] VendorGuid Vendor GUID of authenticated Variable.\r
+ @param[in] Attributes Attributes of authenticated variable.\r
\r
@retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r
- @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r
+ @retval EFI_NOT_FOUND Fail to find "certdb"/"certdbv" or matching certs.\r
@retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r
@retval EFI_SUCCESS The operation is completed successfully.\r
\r
EFI_STATUS\r
DeleteCertsFromDb (\r
IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT32 Attributes\r
+ );\r
+\r
+/**\r
+ Clean up signer's certificates for common authenticated variable\r
+ by corresponding VariableName and VendorGuid from "certdb".\r
+ Sytem may break down during Timebased Variable update & certdb update,\r
+ make them inconsistent, this function is called in AuthVariable Init to ensure \r
+ consistency\r
+ \r
+ @retval EFI_NOT_FOUND Fail to find matching certs.\r
+ @retval EFI_SUCCESS Find matching certs and output parameters.\r
+\r
+**/\r
+EFI_STATUS\r
+CleanCertsFromDb (\r
+ VOID\r
);\r
\r
/**\r
IN EFI_GUID *VendorGuid,\r
IN VOID *Data,\r
IN UINTN DataSize,\r
- IN UINT32 Attributes OPTIONAL\r
+ IN UINT32 Attributes\r
);\r
\r
/**\r