#include "SecureBootConfigImpl.h"\r
#include <UefiSecureBoot.h>\r
#include <Protocol/HiiPopup.h>\r
+#include <Protocol/RealTimeClock.h>\r
#include <Library/BaseCryptLib.h>\r
#include <Library/SecureBootVariableLib.h>\r
#include <Library/SecureBootVariableProvisionLib.h>\r
FileContext->FileType = UNKNOWN_FILE_TYPE;\r
}\r
\r
+/**\r
+ Helper function to populate an EFI_TIME instance.\r
+\r
+ @param[in] Time FileContext cached in SecureBootConfig driver\r
+\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+GetCurrentTime (\r
+ IN EFI_TIME *Time\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ VOID *TestPointer;\r
+\r
+ if (Time == NULL) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ Status = gBS->LocateProtocol (&gEfiRealTimeClockArchProtocolGuid, NULL, &TestPointer);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ ZeroMem (Time, sizeof (EFI_TIME));\r
+ Status = gRT->GetTime (Time, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "%a(), GetTime() failed, status = '%r'\n",\r
+ __FUNCTION__,\r
+ Status\r
+ ));\r
+ return Status;\r
+ }\r
+\r
+ Time->Pad1 = 0;\r
+ Time->Nanosecond = 0;\r
+ Time->TimeZone = 0;\r
+ Time->Daylight = 0;\r
+ Time->Pad2 = 0;\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
/**\r
This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix.\r
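Review bot: The header comment on `GetCurrentTime` describes `Time` as `FileContext cached in SecureBootConfig driver`, and the parameter is marked `IN` although the function writes through it. I would change the declaration to `OUT EFI_TIME *Time` and the doc line to `@param[out] Time  Receives the current time with Pad1, Nanosecond, TimeZone, Daylight and Pad2 cleared`, and add `@retval` lines for `EFI_INVALID_PARAMETER`, the `LocateProtocol` failure and the `GetTime` failure. `TestPointer` is never used after the lookup, so it looks like a presence probe for the RTC arch protocol and deserves a one-line comment saying so. `TimeZone` is also cleared without adjusting the clock fields, so if the platform clock reports local time the timestamp handed to the authenticated-variable write is not UTC. That is presumably inherited from the previous `CreateTimeBasedPayload` body, which is not visible here, so it is worth confirming and documenting.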
\r
UINT32 Attr;\r
UINTN DataSize;\r
EFI_SIGNATURE_LIST *PkCert;\r
+ EFI_TIME Time;\r
\r
PkCert = NULL;\r
\r
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS\r
| EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
DataSize = PkCert->SignatureListSize;\r
- Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&PkCert);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&PkCert, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
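Review bot: The added sequence that calls `GetCurrentTime` and then `CreateTimeBasedPayload` is repeated at all nine call sites visible on this page, differing only in the size/buffer arguments and the `Time`/`NewTime` local. Any later change to how the authentication timestamp is obtained or checked would have to be made in every copy. A small file-local wrapper (the name below is only a suggestion) keeps the new three-argument `CreateTimeBasedPayload` and leaves each caller with one call and its existing error check. The new message `"Fail to fetch valid time data: %r"` also lacks the trailing `\n` that the `DEBUG` call inside `GetCurrentTime` has. The enclosing function starts and ends outside the hunk, so the `ON_EXIT` cleanup cannot be checked from here.

```c
STATIC
EFI_STATUS
CreateCurrentTimeBasedPayload (
  IN OUT UINTN  *DataSize,
  IN OUT UINT8  **Data
  )
{
  EFI_STATUS  Status;
  EFI_TIME    Time;

  Status = GetCurrentTime (&Time);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r\n", Status));
    return Status;
  }

  return CreateTimeBasedPayload (DataSize, Data, &Time);
}

// … unchanged: Attr setup and DataSize assignment …
  Status = CreateCurrentTimeBasedPayload (&DataSize, (UINT8 **)&PkCert);
// … unchanged: EFI_ERROR (Status) check and goto ON_EXIT …
```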
UINTN KekSigListSize;\r
UINT8 *KeyBuffer;\r
UINTN KeyLenInBytes;\r
+ EFI_TIME Time;\r
\r
Attr = 0;\r
DataSize = 0;\r
//\r
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS\r
| EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
- Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
UINTN DataSize;\r
UINTN KekSigListSize;\r
UINT32 Attr;\r
+ EFI_TIME Time;\r
\r
X509Data = NULL;\r
X509DataSize = 0;\r
//\r
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS\r
| EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
- Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8 **)&KekSigList, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
UINTN DataSize;\r
UINTN SigDBSize;\r
UINT32 Attr;\r
+ EFI_TIME Time;\r
\r
X509DataSize = 0;\r
SigDBSize = 0;\r
//\r
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS\r
| EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
- Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
UINT16 *FilePostFix;\r
UINTN NameLength;\r
EFI_TIME *Time;\r
+ EFI_TIME NewTime;\r
\r
X509DataSize = 0;\r
DbSize = 0;\r
DataSize = DbSize;\r
}\r
\r
- Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);\r
+ Status = GetCurrentTime (&NewTime);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data, &NewTime);\r
if (EFI_ERROR (Status)) {\r
goto ON_EXIT;\r
}\r
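Review bot: `NewTime` is declared next to the existing `EFI_TIME *Time` local, and nothing in the hunk says which of the two is meant for the authentication descriptor. The role of `*Time` is not visible here, so I would at least add a comment at the declaration, e.g. `// Timestamp for the authenticated-variable descriptor; not the same value as *Time.`, or rename it to something like `AuthTimestamp`. Among the call sites on this page this is also the only one whose `CreateTimeBasedPayload` failure path logs nothing before `goto ON_EXIT`. The enclosing function starts and ends outside the hunk.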
UINTN SigDBSize;\r
UINT32 Attr;\r
WIN_CERTIFICATE_UEFI_GUID *GuidCertData;\r
+ EFI_TIME Time;\r
\r
Data = NULL;\r
GuidCertData = NULL;\r
\r
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS\r
| EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
- Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&SigDBSize, (UINT8 **)&Data, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
UINT32 KekDataSize;\r
UINTN DeleteKekIndex;\r
UINTN GuidIndex;\r
+ EFI_TIME Time;\r
\r
Data = NULL;\r
OldData = NULL;\r
\r
DataSize = Offset;\r
if ((Attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
- Status = CreateTimeBasedPayload (&DataSize, &OldData);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&DataSize, &OldData, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
BOOLEAN IsItemFound;\r
UINT32 ItemDataSize;\r
UINTN GuidIndex;\r
+ EFI_TIME Time;\r
\r
Data = NULL;\r
OldData = NULL;\r
\r
DataSize = Offset;\r
if ((Attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
- Status = CreateTimeBasedPayload (&DataSize, &OldData);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&DataSize, &OldData, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r
UINTN Offset;\r
UINT8 *VariableData;\r
UINT8 *NewVariableData;\r
+ EFI_TIME Time;\r
\r
Status = EFI_SUCCESS;\r
VariableAttr = 0;\r
}\r
\r
if ((VariableAttr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
- Status = CreateTimeBasedPayload (&VariableDataSize, &NewVariableData);\r
+ Status = GetCurrentTime (&Time);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to fetch valid time data: %r", Status));\r
+ goto ON_EXIT;\r
+ }\r
+\r
+ Status = CreateTimeBasedPayload (&VariableDataSize, &NewVariableData, &Time);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
goto ON_EXIT;\r