1. Correct the counter-based hash algorithm according to UEFI spec.

2. Check the reserverd bit in variable attribute. 3. Return EFI_OUT_OF_RESOURCE instead of EFI_SECURITY_VIOLATION if there is not enough speace to store the public key. 4. Fix a bug when deleting a non-existent time-based auth variable, we store the certificate into cert DB incorrectly. 5. Fix a bug that time-based auth variable can't been updated again after append operation. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13957 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-21 08:06:02 +00:00
parent d316f1dca1
commit 275beb2b53
3 changed files with 29 additions and 5 deletions
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2280,6 +2280,13 @@ VariableServiceSetVariable (
    return EFI_INVALID_PARAMETER;
  }

+  //
+  // Check for reserverd bit in variable attribute.
+  //
+  if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {
+    return EFI_INVALID_PARAMETER;
+  }
+
  //
  //  Make sure if runtime bit is set, boot service bit is set also.
  //