EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;\r
UINT8 Digest[SHA256_DIGEST_SIZE];\r
VOID *Rsa;\r
-\r
+ UINTN PayloadSize;\r
+ \r
+ PayloadSize = DataSize - AUTHINFO_SIZE;\r
Rsa = NULL;\r
CertData = NULL;\r
CertBlock = NULL;\r
if (!Status) {\r
goto Done;\r
}\r
- Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, (UINTN) (DataSize - AUTHINFO_SIZE));\r
+ Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, PayloadSize);\r
+ if (!Status) {\r
+ goto Done;\r
+ }\r
+ //\r
+ // Hash Size.\r
+ //\r
+ Status = Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN));\r
if (!Status) {\r
goto Done;\r
}\r
@return EFI_INVALID_PARAMETER Invalid parameter.\r
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
+ @return EFI_OUT_OF_RESOURCES The Database to save the public key is full.\r
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
set, but the AuthInfo does NOT pass the validation\r
check carried out by the firmware.\r
//\r
KeyIndex = AddPubKeyInStore (PubKey);\r
if (KeyIndex == 0) {\r
- return EFI_SECURITY_VIOLATION;\r
+ return EFI_OUT_OF_RESOURCES;\r
}\r
}\r
\r
//\r
// Delete signer's certificates when delete the common authenticated variable.\r
//\r
- if ((PayloadSize == 0) && (Variable->CurrPtr != NULL)) {\r
+ if ((PayloadSize == 0) && (Variable->CurrPtr != NULL) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {\r
Status = DeleteCertsFromDb (VariableName, VendorGuid);\r
if (EFI_ERROR (Status)) {\r
VerifyStatus = FALSE;\r
goto Exit;\r
}\r
- } else if (Variable->CurrPtr == NULL) {\r
+ } else if (Variable->CurrPtr == NULL && PayloadSize != 0) {\r
//\r
// Insert signer's certificates when adding a new common authenticated variable.\r
//\r
#include <Guid/HardwareErrorVariable.h>\r
\r
#define VARIABLE_RECLAIM_THRESHOLD (1024)\r
+#define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | \\r
+ EFI_VARIABLE_RUNTIME_ACCESS | \\r
+ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \\r
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \\r
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \\r
+ EFI_VARIABLE_APPEND_WRITE)\r
\r
///\r
/// The size of a 3 character ISO639 language code.\r