SecurityPkg: Make time based AuthVariable update atomic
System may break during time based AuthVariable update, causing certdb to be inconsistent. 2 ways are used to ensure the update is atomic.
1. Delete cert in certdb after variable is deleted
2. Clean up certdb on variable initialization

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17919 6f19259b-4bc3-4df7-8a09-765794883524
@@ -186,6 +186,22 @@ DeleteCertsFromDb (
|
||||
IN EFI_GUID *VendorGuid
|
||||
);
|
||||
|
||||
/**
|
||||
Clean up signer's certificates for common authenticated variable
|
||||
by corresponding VariableName and VendorGuid from "certdb".
|
||||
Sytem may break down during Timebased Variable update & certdb update,
|
||||
make them inconsistent, this function is called in AuthVariable Init to ensure
|
||||
consistency
|
||||
|
||||
@retval EFI_NOT_FOUND Fail to find matching certs.
|
||||
@retval EFI_SUCCESS Find matching certs and output parameters.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
CleanCertsFromDb (
|
||||
VOID
|
||||
);
|
||||
|
||||
/**
|
||||
Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data.
|
||||
|
||||
|
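Review bot: The doc comment on the new CleanCertsFromDb prototype does not match its signature. The function takes VOID, yet the description says it works "by corresponding VariableName and VendorGuid" and the EFI_SUCCESS line reads "Find matching certs and output parameters", although there are no input or output parameters. Both look carried over from a lookup routine. Since this runs at AuthVariable init to repair certdb after an interrupted update, the @retval lines should state what each status means for that repair: whether EFI_NOT_FOUND is the normal result when certdb has no stale entries, and what is returned if a stale entry cannot be removed, so the init caller knows which statuses are safe to ignore. "Sytem" in the same comment should be "System".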