SecurityPkg: Make time based AuthVariable update atomic

System may break during time based AuthVariable update, causing certdb inconsistent. 2 ways are used to ensure update atomic.
 1. Delete cert in certdb after variable is deleted
 2. Clean up certdb on variable initialization

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17919 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Chao Zhang
2015-07-10 06:20:04 +00:00
committed by czhang46
parent cfa451c84a
commit 64b6a3ff4a
3 changed files with 170 additions and 30 deletions

View File

@@ -186,6 +186,22 @@ DeleteCertsFromDb (
IN EFI_GUID *VendorGuid
);
/**
Clean up signer's certificates for common authenticated variable
by corresponding VariableName and VendorGuid from "certdb".
Sytem may break down during Timebased Variable update & certdb update,
make them inconsistent, this function is called in AuthVariable Init to ensure
consistency
@retval EFI_NOT_FOUND Fail to find matching certs.
@retval EFI_SUCCESS Find matching certs and output parameters.
**/
EFI_STATUS
CleanCertsFromDb (
VOID
);
/**
Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data.