Fix a bug that the invalid public key will never be removed from public key database.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14041 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -15,7 +15,7 @@
|
||||
They will do basic validation for authentication data structure, then call crypto library
|
||||
to verify the signature.
|
||||
|
||||
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -437,6 +437,8 @@ AddPubKeyInStore (
|
||||
UINT32 Index;
|
||||
VARIABLE_POINTER_TRACK Variable;
|
||||
UINT8 *Ptr;
|
||||
UINT8 *Data;
|
||||
UINTN DataSize;
|
||||
|
||||
if (PubKey == NULL) {
|
||||
return 0;
|
||||
@@ -468,9 +470,45 @@ AddPubKeyInStore (
|
||||
//
|
||||
if (mPubKeyNumber == MAX_KEY_NUM) {
|
||||
//
|
||||
// Notes: Database is full, need enhancement here, currently just return 0.
|
||||
// Public key dadatase is full, try to reclaim invalid key.
|
||||
//
|
||||
return 0;
|
||||
if (AtRuntime ()) {
|
||||
//
|
||||
// NV storage can't reclaim at runtime.
|
||||
//
|
||||
return 0;
|
||||
}
|
||||
|
||||
Status = Reclaim (
|
||||
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
|
||||
&mVariableModuleGlobal->NonVolatileLastVariableOffset,
|
||||
FALSE,
|
||||
NULL,
|
||||
TRUE,
|
||||
TRUE
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
Status = FindVariable (
|
||||
AUTHVAR_KEYDB_NAME,
|
||||
&gEfiAuthenticatedVariableGuid,
|
||||
&Variable,
|
||||
&mVariableModuleGlobal->VariableGlobal,
|
||||
FALSE
|
||||
);
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
|
||||
DataSize = DataSizeOfVariable (Variable.CurrPtr);
|
||||
Data = GetVariableDataPtr (Variable.CurrPtr);
|
||||
ASSERT ((DataSize != 0) && (Data != NULL));
|
||||
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
|
||||
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
|
||||
|
||||
if (mPubKeyNumber == MAX_KEY_NUM) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
|
||||
|
Reference in New Issue
Block a user