SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.

V3: code clean up prohibit Image SHA-1 hash option in SecureBootConfigDxe. Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2017-01-05 14:58:05 +08:00
parent 80e63e846a
commit c035e37335
4 changed files with 35 additions and 18 deletions
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -2,7 +2,7 @@
  The header file of HII Config Access protocol implementation of SecureBoot
  configuration module.

-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -67,10 +67,7 @@ extern  EFI_IFR_GUID_LABEL         *mEndLabel;
 #define MAX_CHAR              480
 #define TWO_BYTE_ENCODE       0x82

-//
-// SHA-1 digest size in bytes.
-//
-#define SHA1_DIGEST_SIZE    20
+
 //
 // SHA-256 digest size in bytes
 //
@@ -94,7 +91,6 @@ extern  EFI_IFR_GUID_LABEL         *mEndLabel;
 //
 // Support hash types
 //
-#define HASHALG_SHA1                           0x00000000
 #define HASHALG_SHA224                         0x00000001
 #define HASHALG_SHA256                         0x00000002
 #define HASHALG_SHA384                         0x00000003