From f6e233534e1523823ccc0cec40a54d9459850143 Mon Sep 17 00:00:00 2001
From: sfu5
Date: Thu, 23 Aug 2012 06:53:51 +0000
Subject: [PATCH] 1. Initialize certdb variable with correct value of list size. 2. Use gloable database array instead of calling AllocateZeroPool in SetVariable.
Signed-off-by: Fu Siyuan
Reviewed-by: Ye Ting
Reviewed-by: Dong Guo
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13671 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Guid/AuthenticatedVariableFormat.h | 9 ---------
 .../RuntimeDxe/AuthService.c | 20 +++++++++----------
 .../RuntimeDxe/AuthService.h | 13 ++++++++++--
 3 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
index da71e774ef..46420406a7 100644
--- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
+++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
@@ -51,15 +51,6 @@ extern EFI_GUID gEfiCustomModeEnableGuid;
 #define CUSTOM_SECURE_BOOT_MODE 1
 #define STANDARD_SECURE_BOOT_MODE 0
-///
-/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
-/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
-///
-///
-#define EFI_CERT_DB_NAME L"certdb"
-
-extern EFI_GUID gEfiCertDbGuid;
-
 ///
 /// Alignment of variable name and data, according to the architecture:
 /// * For IA-32 and Intel(R) 64 architectures: 1.
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 09c58db985..fd5bf12bba 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 ///
 UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
 UINT32 mPubKeyNumber;
+UINT8 mCertDbStore[MAX_CERTDB_SIZE];
 UINT32 mPlatformMode;
 EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
 //
@@ -398,7 +399,7 @@ AutenticatedVariableServiceInitialize (
 if (Variable.CurrPtr == NULL) {
 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- ListSize = 0;
+ ListSize = sizeof (UINT32);
 Status = UpdateVariable (
 EFI_CERT_DB_NAME,
 &gEfiCertDbGuid,
@@ -410,7 +411,9 @@ AutenticatedVariableServiceInitialize (
 &Variable,
 NULL
 );
-
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
 }
 return Status;
@@ -1664,10 +1667,7 @@ DeleteCertsFromDb (
 // Construct new data content of variable "certdb".
 //
 NewCertDbSize = (UINT32) DataSize - CertNodeSize;
- NewCertDb = AllocateZeroPool (NewCertDbSize);
- if (NewCertDb == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
+ NewCertDb = (UINT8*) mCertDbStore;
 //
 // Copy the DB entries before deleting node.
@@ -1704,7 +1704,6 @@ DeleteCertsFromDb (
 NULL
 );
- FreePool (NewCertDb);
 return Status;
 }
@@ -1793,11 +1792,11 @@ InsertCertsToDb (
 //
 NameSize = (UINT32) StrLen (VariableName);
 CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
- NewCertDbSize = (UINT32) DataSize + CertNodeSize;
- NewCertDb = AllocateZeroPool (NewCertDbSize);
- if (NewCertDb == NULL) {
+ NewCertDbSize = (UINT32) DataSize + CertNodeSize;
+ if (NewCertDbSize > MAX_CERTDB_SIZE) {
 return EFI_OUT_OF_RESOURCES;
 }
+ NewCertDb = (UINT8*) mCertDbStore;
 //
 // Copy the DB entries before deleting node.
@@ -1844,7 +1843,6 @@ InsertCertsToDb (
 NULL
 );
- FreePool (NewCertDb);
 return Status;
 }
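Review bot: `mCertDbStore` is added to the module globals without a comment of its own; the `///` block above it, whose text starts outside this hunk, sits over `mPubKeyStore`. A reader should be told that this is the scratch buffer in which DeleteCertsFromDb and InsertCertsToDb build the new "certdb" image. Unlike the `AllocateZeroPool` buffers it replaces, it is not cleared between calls, so every writer must stay within `MAX_CERTDB_SIZE`. Suggested comment: `// Scratch buffer for rebuilding "certdb"; not zeroed between uses, writers must stay within MAX_CERTDB_SIZE.`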
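Review bot: `ListSize = sizeof (UINT32);` in AutenticatedVariableServiceInitialize carries no explanation of the constant. Judging by the commit subject, an empty "certdb" presumably consists only of its own length field, which counts itself; the `UpdateVariable` arguments that would confirm this lie between this hunk and the next. A comment on that line such as `// Empty certdb holds only its UINT32 list-size field, which includes itself.` would record the layout assumption.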
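Review bot: The added `if (EFI_ERROR (Status)) { return Status; }` is followed directly by the closing brace of the `if (Variable.CurrPtr == NULL)` block and then `return Status;`, so as far as this hunk shows it does not change what the function returns. Either drop it, or state its purpose with a comment such as `// Stop here so later initialization never runs without a certdb.` if more steps are expected after the block. The function body starts outside the hunk.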
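Review bot: DeleteCertsFromDb now points `NewCertDb` at the fixed `mCertDbStore` without any size check, whereas InsertCertsToDb at least compares against `MAX_CERTDB_SIZE`. `NewCertDbSize = (UINT32) DataSize - CertNodeSize` wraps if a damaged or inconsistent "certdb" yields a `CertNodeSize` larger than `DataSize`, and nothing visible here bounds `DataSize` itself. The copies that follow are outside this hunk and would then write past the global array. A guard before the assignment would close that: `if (CertNodeSize > DataSize || DataSize - CertNodeSize > MAX_CERTDB_SIZE) { return EFI_OUT_OF_RESOURCES; }`.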
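Review bot: The new `NewCertDbSize > MAX_CERTDB_SIZE` test in InsertCertsToDb runs only after `DataSize` and `CertDataSize` have been cast to UINT32 and summed, so an oversized input could wrap to a small total and pass the check. The copies into `mCertDbStore` would then use the real lengths. Whether the callers already bound these values is not visible in this hunk. Checking the operands before the arithmetic makes the later comparison trustworthy: `if (DataSize > MAX_CERTDB_SIZE || CertDataSize > MAX_CERTDB_SIZE) { return EFI_OUT_OF_RESOURCES; }`, placed ahead of the `CertNodeSize` computation. The `NameSize * sizeof (CHAR16)` term deserves the same treatment if variable-name length is not limited elsewhere.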
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
index e7a9a1f556..1f62383aed 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
@@ -36,14 +36,23 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 /// "AuthVarKeyDatabase" variable for the Public Key store.
 ///
 #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
-#define AUTHVAR_KEYDB_NAME_SIZE 38
 ///
 /// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
 ///
-#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
+#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))
 #define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
+///
+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+///
+///
+#define EFI_CERT_DB_NAME L"certdb"
+#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))
+
+extern EFI_GUID gEfiCertDbGuid;
+
 ///
 /// Struct to record signature requirement defined by UEFI spec.
 /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
--
2.39.2
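Review bot: `MAX_CERTDB_SIZE` has no comment of its own; the `///` block above it describes the "certdb" variable, not the bound that now sizes `mCertDbStore` and gates InsertCertsToDb. A line mirroring the one on `MAX_KEYDB_SIZE` would help, e.g. `/// Max size of the cert database: max individual EFI variable size minus the variable header and the name (including its terminator).` It is also worth noting next to both macros that `sizeof` on the `L"..."` literal counts the terminating null and assumes 2-byte wide characters. That is what keeps `sizeof (AUTHVAR_KEYDB_NAME)` equal to the former constant 38.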