They will do basic validation for authentication data structure, then call crypto library\r
to verify the signature.\r
\r
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
//\r
VOID *mHashCtx = NULL;\r
\r
-//\r
-// Pointer to runtime buffer.\r
-// For "Append" operation to an existing variable, a read/modify/write operation\r
-// is supported by firmware internally. Reserve runtime buffer to cache previous\r
-// variable data in runtime phase because memory allocation is forbidden in virtual mode.\r
-//\r
-VOID *mStorageArea = NULL;\r
-\r
//\r
// The serialization of the values of the VariableName, VendorGuid and Attributes\r
// parameters of the SetVariable() call and the TimeStamp component of the\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- //\r
- // Reserved runtime buffer for "Append" operation in virtual mode.\r
- //\r
- mStorageArea = AllocateRuntimePool (MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)));\r
- if (mStorageArea == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
-\r
//\r
// Prepare runtime buffer for serialized data of time-based authenticated\r
// Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).\r
Add public key in store and return its index.\r
\r
@param[in] PubKey Input pointer to Public Key data\r
+ @param[in] VariableDataEntry The variable data entry \r
\r
@return Index of new added item\r
\r
**/\r
UINT32\r
AddPubKeyInStore (\r
- IN UINT8 *PubKey\r
+ IN UINT8 *PubKey,\r
+ IN VARIABLE_ENTRY_CONSISTENCY *VariableDataEntry\r
)\r
{\r
- EFI_STATUS Status;\r
- BOOLEAN IsFound;\r
- UINT32 Index;\r
- VARIABLE_POINTER_TRACK Variable;\r
- UINT8 *Ptr;\r
- UINT8 *Data;\r
- UINTN DataSize;\r
+ EFI_STATUS Status;\r
+ BOOLEAN IsFound;\r
+ UINT32 Index;\r
+ VARIABLE_POINTER_TRACK Variable;\r
+ UINT8 *Ptr;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+ VARIABLE_ENTRY_CONSISTENCY PublicKeyEntry;\r
+ UINT32 Attributes;\r
\r
if (PubKey == NULL) {\r
return 0;\r
&mVariableModuleGlobal->VariableGlobal,\r
FALSE\r
);\r
- ASSERT_EFI_ERROR (Status);\r
if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status = %r\n", Status));\r
return 0;\r
}\r
\r
&mVariableModuleGlobal->NonVolatileLastVariableOffset,\r
FALSE,\r
NULL,\r
- TRUE,\r
+ NULL,\r
+ 0,\r
TRUE\r
);\r
if (EFI_ERROR (Status)) {\r
&mVariableModuleGlobal->VariableGlobal,\r
FALSE\r
);\r
- ASSERT_EFI_ERROR (Status);\r
if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status = %r\n", Status));\r
return 0;\r
}\r
\r
} \r
}\r
\r
+ //\r
+ // Check the variable space for both public key and variable data.\r
+ //\r
+ PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * EFI_CERT_TYPE_RSA2048_SIZE;\r
+ PublicKeyEntry.Guid = &gEfiAuthenticatedVariableGuid;\r
+ PublicKeyEntry.Name = AUTHVAR_KEYDB_NAME;\r
+ Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+\r
+ if (!CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {\r
+ //\r
+ // No enough variable space.\r
+ //\r
+ return 0;\r
+ }\r
+\r
CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);\r
Index = ++mPubKeyNumber;\r
//\r
&gEfiAuthenticatedVariableGuid,\r
mPubKeyStore,\r
mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,\r
+ Attributes,\r
0,\r
0,\r
&Variable,\r
NULL\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "Update public key database variable failure, Status = %r\n", Status));\r
+ return 0;\r
+ }\r
}\r
\r
return Index;\r
return Status;\r
}\r
\r
- if (mPlatformMode != SETUP_MODE || IsPk) {\r
+ if ((mPlatformMode != SETUP_MODE) || IsPk) {\r
Status = VendorKeyIsModified ();\r
}\r
} else if (mPlatformMode == USER_MODE) {\r
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;\r
UINT32 KeyIndex;\r
UINT64 MonotonicCount;\r
+ VARIABLE_ENTRY_CONSISTENCY VariableDataEntry;\r
\r
KeyIndex = 0;\r
CertData = NULL;\r
// Now, the signature has been verified!\r
//\r
if (IsFirstTime && !IsDeletion) {\r
+ VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;\r
+ VariableDataEntry.Guid = VendorGuid;\r
+ VariableDataEntry.Name = VariableName;\r
+\r
//\r
// Update public key database variable if need.\r
//\r
- KeyIndex = AddPubKeyInStore (PubKey);\r
+ KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);\r
if (KeyIndex == 0) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
projects / mirror_edk2.git / blobdiff