Fix a bug that the invalid public key will never be removed from public key database.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14041 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-09 05:09:39 +00:00
parent 8b5b3d421f
commit 83758cdc84
3 changed files with 398 additions and 104 deletions
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -15,7 +15,7 @@
  They will do basic validation for authentication data structure, then call crypto library
  to verify the signature.

-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -437,6 +437,8 @@ AddPubKeyInStore (
  UINT32                  Index;
  VARIABLE_POINTER_TRACK  Variable;
  UINT8                   *Ptr;
+  UINT8                   *Data;
+  UINTN                   DataSize;

  if (PubKey == NULL) {
    return 0;
@@ -468,9 +470,45 @@ AddPubKeyInStore (
    //
    if (mPubKeyNumber == MAX_KEY_NUM) {
      //
-      // Notes: Database is full, need enhancement here, currently just return 0.
+      // Public key dadatase is full, try to reclaim invalid key.
      //
-      return 0;
+      if (AtRuntime ()) {
+        //
+        // NV storage can't reclaim at runtime.
+        //
+        return 0;
+      }
+      
+      Status = Reclaim (
+                 mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
+                 &mVariableModuleGlobal->NonVolatileLastVariableOffset,
+                 FALSE,
+                 NULL,
+                 TRUE,
+                 TRUE
+                 );
+      if (EFI_ERROR (Status)) {
+        return 0;
+      }
+
+      Status = FindVariable (
+                 AUTHVAR_KEYDB_NAME,
+                 &gEfiAuthenticatedVariableGuid,
+                 &Variable,
+                 &mVariableModuleGlobal->VariableGlobal,
+                 FALSE
+                 );
+      ASSERT_EFI_ERROR (Status);
+
+      DataSize  = DataSizeOfVariable (Variable.CurrPtr);
+      Data      = GetVariableDataPtr (Variable.CurrPtr);
+      ASSERT ((DataSize != 0) && (Data != NULL));
+      CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
+      mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
+
+      if (mPubKeyNumber == MAX_KEY_NUM) {
+        return 0;
+      }     
    }

    CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);