1) Update code to use PcdFixedUsbCredentialProviderTokenFileName and PcdMaxVariableSize as patchable PCD instead of FixedAtBuild PCD.

2) Correct a typo in file comments of Tpm12Ownership.c Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Gao, Liming <liming.gao@intel.com> Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15811 6f19259b-4bc3-4df7-8a09-765794883524
author: Dong, Guo <guo.dong@intel.com> 2014-08-15 08:10:55 +0000
committer: gdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524> 2014-08-15 08:10:55 +0000
commit: 4ccef56102cc104ad0bc881f5312f84fb4e569ef (patch)
tree: 4905f550624566ce1b4b56a3fe9c41058e332d3d
parent: a4faf336ea8e87d0b46e54ea64ce19c8574b69e5 (diff)
6 files changed, 41 insertions, 21 deletions
diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
index 63cc174a8..5ca1323c3 100644
--- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
+++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
@@ -1,7 +1,7 @@
 /** @file
-  Implement TPM1.2 Startup related command.
+  Implement TPM1.2 Ownership related command.
 
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 68ac464ac..1d44095af 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -216,10 +216,6 @@
   # IMAGE_FROM_FIXED_MEDIA                0x00000010
   gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004
   
-  ## The token file name used to save credential in USB credential provider driver.
-  #  The specified file should be saved at the root directory of USB storage disk.
-  gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005
-
   ## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable.
   gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005  
 
@@ -229,6 +225,12 @@
   #  If 1, TCG platform type is server.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006
 
+[PcdsFixedAtBuild, PcdsPatchableInModule]
+  ## Null-terminated Unicode string of the file name that is the default name to save USB credential.
+  #  The specified file should be saved at the root directory of USB storage disk.
+  # @Prompt File name to save credential.
+  gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005
+  
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## This PCD indicates the presence or absence of the platform operator.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
index 046a50052..f623f4830 100644
--- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
+++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
@@ -478,7 +478,7 @@ GetToken (
 
   BufSize = 0;
   Buffer  = NULL;
-  TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
+  TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
   Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
   if (EFI_ERROR (Status)) {
     DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status));
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 2663dbe06..96b1f403c 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -32,9 +32,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 ///
 /// Global database array for scratch
 ///
-UINT8    mPubKeyStore[MAX_KEYDB_SIZE];
+UINT8    *mPubKeyStore;
 UINT32   mPubKeyNumber;
-UINT8    mCertDbStore[MAX_CERTDB_SIZE];
+UINT32   mMaxKeyNumber;
+UINT32   mMaxKeyDbSize;
+UINT8    *mCertDbStore;
+UINT32   mMaxCertDbSize;
 UINT32   mPlatformMode;
 UINT8    mVendorKeyState;
 
@@ -184,6 +187,25 @@ AutenticatedVariableServiceInitialize (
   }
 
   //
+  // Reserve runtime buffer for public key database. The size excludes variable header and name size.
+  //
+  mMaxKeyDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME);
+  mMaxKeyNumber = mMaxKeyDbSize / EFI_CERT_TYPE_RSA2048_SIZE;
+  mPubKeyStore  = AllocateRuntimePool (mMaxKeyDbSize);
+  if (mPubKeyStore == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
+  //
+  mMaxCertDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME);
+  mCertDbStore   = AllocateRuntimePool (mMaxCertDbSize);
+  if (mCertDbStore == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
   // Prepare runtime buffer for serialized data of time-based authenticated
   // Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).
   //
@@ -503,7 +525,7 @@ AddPubKeyInStore (
     //
     // Add public key in database.
     //
-    if (mPubKeyNumber == MAX_KEY_NUM) {
+    if (mPubKeyNumber == mMaxKeyNumber) {
       //
       // Public key dadatase is full, try to reclaim invalid key.
       //
@@ -545,7 +567,7 @@ AddPubKeyInStore (
       CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
       mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
 
-      if (mPubKeyNumber == MAX_KEY_NUM) {
+      if (mPubKeyNumber == mMaxKeyNumber) {
         return 0;
       }     
     }
@@ -1996,7 +2018,7 @@ InsertCertsToDb (
   NameSize      = (UINT32) StrLen (VariableName);
   CertNodeSize  = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); 
   NewCertDbSize = (UINT32) DataSize + CertNodeSize;
-  if (NewCertDbSize > MAX_CERTDB_SIZE) {
+  if (NewCertDbSize > mMaxCertDbSize) {
     return EFI_OUT_OF_RESOURCES;
   }
   NewCertDb     = (UINT8*) mCertDbStore;
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
index 745e3c7d8..6ebc77707 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
@@ -2,7 +2,7 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by AuthService module.
 
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -38,18 +38,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define AUTHVAR_KEYDB_NAME      L"AuthVarKeyDatabase"
 
 ///
-/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
-///
-#define MAX_KEYDB_SIZE  (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))
-#define MAX_KEY_NUM     (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
-
-///
 /// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
 /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
 /// 
 ///
 #define EFI_CERT_DB_NAME        L"certdb"
-#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))
 
 ///
 /// Struct to record signature requirement defined by UEFI spec.
@@ -326,7 +319,8 @@ VerifyTimeBasedPayload (
   OUT    BOOLEAN                            *VarDel
   );
 
-extern UINT8  mPubKeyStore[MAX_KEYDB_SIZE];
+extern UINT8  *mPubKeyStore;
+extern UINT8  *mCertDbStore;
 extern UINT32 mPubKeyNumber;
 extern VOID   *mHashCtx;
 extern UINT8  *mSerializationRuntimeBuffer;
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
index 949fb6424..d8910b76f 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
@@ -243,6 +243,8 @@ VariableClassAddressChangeEvent (
   EfiConvertPointer (0x0, (VOID **) &mHashCtx);
   EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
   EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
+  EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
+  EfiConvertPointer (0x0, (VOID **) &mCertDbStore);
 
   //
   // in the list of locked variables, convert the name pointers first
author	Dong, Guo <guo.dong@intel.com>	2014-08-15 08:10:55 +0000
committer	gdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>	2014-08-15 08:10:55 +0000
commit	4ccef56102cc104ad0bc881f5312f84fb4e569ef (patch)
tree	4905f550624566ce1b4b56a3fe9c41058e332d3d
parent	a4faf336ea8e87d0b46e54ea64ce19c8574b69e5 (diff)