Fix a bug that the invalid public key will never be removed from public key database.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14041 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
2013-01-09 05:09:39 +00:00
parent 8b5b3d421f
commit 83758cdc84
3 changed files with 398 additions and 104 deletions

View File

@@ -15,7 +15,7 @@
They will do basic validation for authentication data structure, then call crypto library
to verify the signature.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -437,6 +437,8 @@ AddPubKeyInStore (
UINT32 Index;
VARIABLE_POINTER_TRACK Variable;
UINT8 *Ptr;
UINT8 *Data;
UINTN DataSize;
if (PubKey == NULL) {
return 0;
@@ -468,9 +470,45 @@ AddPubKeyInStore (
//
if (mPubKeyNumber == MAX_KEY_NUM) {
//
// Notes: Database is full, need enhancement here, currently just return 0.
// Public key dadatase is full, try to reclaim invalid key.
//
return 0;
if (AtRuntime ()) {
//
// NV storage can't reclaim at runtime.
//
return 0;
}
Status = Reclaim (
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
&mVariableModuleGlobal->NonVolatileLastVariableOffset,
FALSE,
NULL,
TRUE,
TRUE
);
if (EFI_ERROR (Status)) {
return 0;
}
Status = FindVariable (
AUTHVAR_KEYDB_NAME,
&gEfiAuthenticatedVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
ASSERT_EFI_ERROR (Status);
DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
if (mPubKeyNumber == MAX_KEY_NUM) {
return 0;
}
}
CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);