SecurityPkg: Make time based AuthVariable update atomic

The system may break during a time-based AuthVariable update, leaving certdb inconsistent. Two ways are used to make the update atomic:
 1. Delete cert in certdb after variable is deleted
 2. Clean up certdb on variable initialization

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17919 6f19259b-4bc3-4df7-8a09-765794883524
Chao Zhang
2015-07-10 06:20:04 +00:00
committed by czhang46
parent cfa451c84a
commit 64b6a3ff4a
3 changed files with 170 additions and 30 deletions

@ -352,6 +352,15 @@ AuthVariableLibInitialize (
if (EFI_ERROR (Status)) {
return Status;
}
} else {
//
// Clean up Certs to make certDB & Time based auth variable consistent
//
Status = CleanCertsFromDb();
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "Clean up CertDB fail! Status %x\n", Status));
return Status;
}
}
//
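Review bot: The failure path in the new else branch logs at EFI_D_INFO with "%x" even though it then returns the error out of AuthVariableLibInitialize; use EFI_D_ERROR and print the status with "%r" so the failure is readable and still visible in builds that filter out info-level output. The call is also written `CleanCertsFromDb();` without the space before the parenthesis that the surrounding `EFI_ERROR (Status)` lines use. Because any cleanup error now fails initialization outright, a short comment stating that this is intended, rather than continuing with a possibly inconsistent certdb, would help later readers.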