Calculate enough space for 2 variables (public key and variable data) instead of directly setting them 1 by 1.

Fixed a bug in public key reclaim(). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Zeng, Star <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15404 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-27 10:54:23 +00:00
parent 2c775600d5
commit 9a12e5825a
5 changed files with 106 additions and 75 deletions
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -456,16 +456,19 @@ AutenticatedVariableServiceInitialize (
 **/
 UINT32
 AddPubKeyInStore (
-  IN  UINT8               *PubKey
+  IN  UINT8                        *PubKey,
+  IN  VARIABLE_ENTRY_CONSISTENCY   *VariableDataEntry
  )
 {
-  EFI_STATUS              Status;
-  BOOLEAN                 IsFound;
-  UINT32                  Index;
-  VARIABLE_POINTER_TRACK  Variable;
-  UINT8                   *Ptr;
-  UINT8                   *Data;
-  UINTN                   DataSize;
+  EFI_STATUS                       Status;
+  BOOLEAN                          IsFound;
+  UINT32                           Index;
+  VARIABLE_POINTER_TRACK           Variable;
+  UINT8                            *Ptr;
+  UINT8                            *Data;
+  UINTN                            DataSize;
+  VARIABLE_ENTRY_CONSISTENCY       PublicKeyEntry;
+  UINT32                           Attributes;

  if (PubKey == NULL) {
    return 0;
@@ -546,6 +549,21 @@ AddPubKeyInStore (
      }     
    }

+    //
+    // Check the variable space for both public key and variable data.
+    //
+    PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * EFI_CERT_TYPE_RSA2048_SIZE;
+    PublicKeyEntry.Guid         = &gEfiAuthenticatedVariableGuid;
+    PublicKeyEntry.Name         = AUTHVAR_KEYDB_NAME;
+    Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
+
+    if (!CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {
+      //
+      // No enough variable space.
+      //
+      return 0;
+    }
+
    CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
    Index = ++mPubKeyNumber;
    //
@@ -556,7 +574,7 @@ AddPubKeyInStore (
               &gEfiAuthenticatedVariableGuid,
               mPubKeyStore,
               mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE,
-               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,
+               Attributes,
               0,
               0,
               &Variable,
@@ -1271,6 +1289,7 @@ ProcessVariable (
  EFI_CERT_BLOCK_RSA_2048_SHA256  *CertBlock;
  UINT32                          KeyIndex;
  UINT64                          MonotonicCount;
+  VARIABLE_ENTRY_CONSISTENCY      VariableDataEntry;

  KeyIndex    = 0;
  CertData    = NULL;
@@ -1396,10 +1415,14 @@ ProcessVariable (
  // Now, the signature has been verified!
  //
  if (IsFirstTime && !IsDeletion) {
+    VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;
+    VariableDataEntry.Guid         = VendorGuid;
+    VariableDataEntry.Name         = VariableName;
+
    //
    // Update public key database variable if need.
    //
-    KeyIndex = AddPubKeyInStore (PubKey);
+    KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);
    if (KeyIndex == 0) {
      return EFI_OUT_OF_RESOURCES;
    }