NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes
authorLaszlo Ersek <lersek@redhat.com>
Thu, 22 Mar 2018 15:50:55 +0000 (16:50 +0100)
committerLaszlo Ersek <lersek@redhat.com>
Wed, 28 Mar 2018 11:07:36 +0000 (13:07 +0200)
If the platform creates the "TlsCaCertificate" variable as volatile, then
EnrollX509toVariable() shouldn't fail to extend it just because
TLS_AUTH_CONFIG_VAR_BASE_ATTR contains the EFI_VARIABLE_NON_VOLATILE
attribute.

Thus, if the variable exists, add the EFI_VARIABLE_APPEND_WRITE attribute
to the variable's current attributes. This is what DeleteCert() does
already.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c

index faefc72d0efa952a571703e74b8f9a948698b521..cbdd5f0664bd64145ca71fdad582895023831a27 100644 (file)
@@ -813,6 +813,7 @@ EnrollX509toVariable (
   CACert        = NULL;\r
   CACertData    = NULL;\r
   Data          = NULL;\r
+  Attr          = 0;\r
 \r
   Status = ReadFileContent (\r
              Private->FileContext->FHandle,\r
@@ -847,22 +848,22 @@ EnrollX509toVariable (
   CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);\r
 \r
   //\r
-  // Check if signature database entry has been already existed.\r
-  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the\r
-  // new signature data to original variable\r
+  // Check if the signature database entry already exists. If it does, use the\r
+  // EFI_VARIABLE_APPEND_WRITE attribute to append the new signature data to\r
+  // the original variable, plus preserve the original variable attributes.\r
   //\r
-  Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;\r
-\r
   Status = gRT->GetVariable(\r
                   VariableName,\r
                   &gEfiTlsCaCertificateGuid,\r
-                  NULL,\r
+                  &Attr,\r
                   &DataSize,\r
                   NULL\r
                   );\r
   if (Status == EFI_BUFFER_TOO_SMALL) {\r
     Attr |= EFI_VARIABLE_APPEND_WRITE;\r
-  } else if (Status != EFI_NOT_FOUND) {\r
+  } else if (Status == EFI_NOT_FOUND) {\r
+    Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;\r
+  } else {\r
     goto ON_EXIT;\r
   }\r
 \r
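Review bot: In the `EFI_BUFFER_TOO_SMALL` branch, `Attr |= EFI_VARIABLE_APPEND_WRITE;` now relies on `gRT->GetVariable()` having filled in `Attr` even though the call did not return success. If a variable service leaves the attributes output untouched in that case, `Attr` keeps the `0` assigned in the first hunk, and the later write (outside this hunk, presumably a SetVariable call) would carry only the append flag. Because this variable holds the TLS CA trust anchors, I would fail closed at that point, e.g. `if ((Attr & EFI_VARIABLE_BOOTSERVICE_ACCESS) == 0) { Status = EFI_UNSUPPORTED; goto ON_EXIT; }`, and add a comment such as `// Attr comes from the existing variable; whoever created it decides volatility and access.` EnrollX509toVariable() starts and ends outside the hunk, so the final write could not be checked here.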