SecurityPkg: AuthVariableLib: Add new cert database for volatile time based Auth variable
Add a new cert data base "certdbv" to store signer certs for volatile time based Auth variable. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19786 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -11,7 +11,7 @@
|
||||
may not be modified without authorization. If platform fails to protect these resources,
|
||||
the authentication service provided in this driver will be broken, and the behavior is undefined.
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -98,6 +98,17 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
|
||||
MAX_UINTN
|
||||
}
|
||||
},
|
||||
{
|
||||
&gEfiCertDbGuid,
|
||||
EFI_CERT_DB_VOLATILE_NAME,
|
||||
{
|
||||
VAR_CHECK_VARIABLE_PROPERTY_REVISION,
|
||||
VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
|
||||
VARIABLE_ATTRIBUTE_BS_RT_AT,
|
||||
sizeof (UINT32),
|
||||
MAX_UINTN
|
||||
}
|
||||
},
|
||||
{
|
||||
&gEdkiiSecureBootModeGuid,
|
||||
L"SecureBootMode",
|
||||
@@ -172,8 +183,9 @@ AuthVariableLibInitialize (
|
||||
|
||||
//
|
||||
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.
|
||||
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
|
||||
//
|
||||
mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_NAME));
|
||||
mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
|
||||
mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
|
||||
if (mCertDbStore == NULL) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
@@ -288,6 +300,22 @@ AuthVariableLibInitialize (
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Create "certdbv" variable with RT+BS+AT set.
|
||||
//
|
||||
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
|
||||
ListSize = sizeof (UINT32);
|
||||
Status = AuthServiceInternalUpdateVariable (
|
||||
EFI_CERT_DB_VOLATILE_NAME,
|
||||
&gEfiCertDbGuid,
|
||||
&ListSize,
|
||||
sizeof (UINT32),
|
||||
VarAttr
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
//
|
||||
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
|
||||
//
|
||||
|
Reference in New Issue
Block a user