///\r
/// Global database array for scratch\r
///\r
-UINT8 *mPubKeyStore;\r
-UINT32 mPubKeyNumber;\r
-UINT32 mMaxKeyNumber;\r
-UINT32 mMaxKeyDbSize;\r
UINT8 *mCertDbStore;\r
UINT32 mMaxCertDbSize;\r
UINT32 mPlatformMode;\r
sizeof (UINT8)\r
}\r
},\r
- {\r
- &gEfiAuthenticatedVariableGuid,\r
- AUTHVAR_KEYDB_NAME,\r
- {\r
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
- VARIABLE_ATTRIBUTE_NV_BS_RT_AW,\r
- sizeof (UINT8),\r
- MAX_UINTN\r
- }\r
- },\r
{\r
&gEfiCertDbGuid,\r
EFI_CERT_DB_NAME,\r
},\r
};\r
\r
-VOID **mAuthVarAddressPointer[10];\r
+VOID **mAuthVarAddressPointer[9];\r
\r
AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;\r
\r
)\r
{\r
EFI_STATUS Status;\r
- UINT8 VarValue;\r
UINT32 VarAttr;\r
UINT8 *Data;\r
UINTN DataSize;\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- //\r
- // Reserve runtime buffer for public key database. The size excludes variable header and name size.\r
- //\r
- mMaxKeyDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (AUTHVAR_KEYDB_NAME));\r
- mMaxKeyNumber = mMaxKeyDbSize / sizeof (AUTHVAR_KEY_DB_DATA);\r
- mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);\r
- if (mPubKeyStore == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
-\r
//\r
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.\r
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- //\r
- // Check "AuthVarKeyDatabase" variable's existence.\r
- // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
- //\r
- Status = AuthServiceInternalFindVariable (\r
- AUTHVAR_KEYDB_NAME,\r
- &gEfiAuthenticatedVariableGuid,\r
- (VOID **) &Data,\r
- &DataSize\r
- );\r
- if (EFI_ERROR (Status)) {\r
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
- VarValue = 0;\r
- mPubKeyNumber = 0;\r
- Status = AuthServiceInternalUpdateVariable (\r
- AUTHVAR_KEYDB_NAME,\r
- &gEfiAuthenticatedVariableGuid,\r
- &VarValue,\r
- sizeof(UINT8),\r
- VarAttr\r
- );\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
- } else {\r
- //\r
- // Load database in global variable for cache.\r
- //\r
- ASSERT ((DataSize != 0) && (Data != NULL));\r
- //\r
- // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)\r
- // Therefore, there is no memory overflow in underlying CopyMem.\r
- //\r
- CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);\r
- mPubKeyNumber = (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA));\r
- }\r
-\r
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r
AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);\r
AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;\r
AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);\r
- mAuthVarAddressPointer[0] = (VOID **) &mPubKeyStore;\r
- mAuthVarAddressPointer[1] = (VOID **) &mCertDbStore;\r
- mAuthVarAddressPointer[2] = (VOID **) &mHashCtx;\r
- mAuthVarAddressPointer[3] = (VOID **) &mAuthVarLibContextIn;\r
- mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindVariable),\r
- mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),\r
- mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),\r
- mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),\r
- mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),\r
- mAuthVarAddressPointer[9] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),\r
+ mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;\r
+ mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;\r
+ mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;\r
+ mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),\r
+ mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),\r
+ mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),\r
+ mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),\r
+ mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),\r
+ mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),\r
AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;\r
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);\r
\r
}\r
\r
/**\r
- Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
@param[in] VariableName Name of the variable.\r
@param[in] VendorGuid Variable vendor GUID.\r
@retval EFI_INVALID_PARAMETER Invalid parameter.\r
@retval EFI_WRITE_PROTECTED Variable is write-protected.\r
@retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
- @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
- or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS\r
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS\r
set, but the AuthInfo does NOT pass the validation\r
check carried out by the firmware.\r
@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
projects / mirror_edk2.git / blobdiff