Calculate enough space for 2 variables (public key and variable data) instead of...

[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / AuthService.c
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c

index 3db3d29e69e854f63800c8eaee3f15e01e7c2eb6..25089ef0f6415ef6df5dfeb080be31d95f89e71e 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -456,16 +456,19 @@ AutenticatedVariableServiceInitialize (
  **/\r
  UINT32\r
  AddPubKeyInStore (\r
-  IN  UINT8               *PubKey\r
+  IN  UINT8                        *PubKey,\r
+  IN  VARIABLE_ENTRY_CONSISTENCY   *VariableDataEntry\r
    )\r
  {\r
-  EFI_STATUS              Status;\r
-  BOOLEAN                 IsFound;\r
-  UINT32                  Index;\r
-  VARIABLE_POINTER_TRACK  Variable;\r
-  UINT8                   *Ptr;\r
-  UINT8                   *Data;\r
-  UINTN                   DataSize;\r
+  EFI_STATUS                       Status;\r
+  BOOLEAN                          IsFound;\r
+  UINT32                           Index;\r
+  VARIABLE_POINTER_TRACK           Variable;\r
+  UINT8                            *Ptr;\r
+  UINT8                            *Data;\r
+  UINTN                            DataSize;\r
+  VARIABLE_ENTRY_CONSISTENCY       PublicKeyEntry;\r
+  UINT32                           Attributes;\r
  \r
    if (PubKey == NULL) {\r
      return 0;\r
@@ -546,6 +549,21 @@ AddPubKeyInStore (
        }     \r
      }\r
  \r
+    //\r
+    // Check the variable space for both public key and variable data.\r
+    //\r
+    PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * EFI_CERT_TYPE_RSA2048_SIZE;\r
+    PublicKeyEntry.Guid         = &gEfiAuthenticatedVariableGuid;\r
+    PublicKeyEntry.Name         = AUTHVAR_KEYDB_NAME;\r
+    Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+\r
+    if (!CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {\r
+      //\r
+      // No enough variable space.\r
+      //\r
+      return 0;\r
+    }\r
+\r
      CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);\r
      Index = ++mPubKeyNumber;\r
      //\r
@@ -556,7 +574,7 @@ AddPubKeyInStore (
                 &gEfiAuthenticatedVariableGuid,\r
                 mPubKeyStore,\r
                 mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE,\r
-               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,\r
+               Attributes,\r
                 0,\r
                 0,\r
                 &Variable,\r
@@ -1271,6 +1289,7 @@ ProcessVariable (
    EFI_CERT_BLOCK_RSA_2048_SHA256  *CertBlock;\r
    UINT32                          KeyIndex;\r
    UINT64                          MonotonicCount;\r
+  VARIABLE_ENTRY_CONSISTENCY      VariableDataEntry;\r
  \r
    KeyIndex    = 0;\r
    CertData    = NULL;\r
@@ -1396,10 +1415,14 @@ ProcessVariable (
    // Now, the signature has been verified!\r
    //\r
    if (IsFirstTime && !IsDeletion) {\r
+    VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;\r
+    VariableDataEntry.Guid         = VendorGuid;\r
+    VariableDataEntry.Name         = VariableName;\r
+\r
      //\r
      // Update public key database variable if need.\r
      //\r
-    KeyIndex = AddPubKeyInStore (PubKey);\r
+    KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);\r
      if (KeyIndex == 0) {\r
        return EFI_OUT_OF_RESOURCES;\r
      }\r