authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-11-21 08:06:02 +0000
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-11-21 08:06:02 +0000
commit275beb2b53898e91ea92afe96fa56f0ab91b997f (patch)
tree01121fd8c2979688a24a8ec9d6d2b91f76265790 /SecurityPkg
parentd316f1dca11240e70a2441cb4cc5fbbc0d6efe87 (diff)
1. Correct the counter-based hash algorithm according to UEFI spec.
2. Check the reserved bits in the variable attributes. 3. Return EFI_OUT_OF_RESOURCES instead of EFI_SECURITY_VIOLATION if there is not enough space to store the public key. 4. Fix a bug where deleting a non-existent time-based auth variable incorrectly stored the certificate into the cert DB. 5. Fix a bug where a time-based auth variable can't be updated again after an append operation. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13957 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg')
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c20
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c7
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h7
3 files changed, 29 insertions, 5 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 6576e681c..64ce968ac 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -526,7 +526,9 @@ VerifyCounterBasedPayload (
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
UINT8 Digest[SHA256_DIGEST_SIZE];
VOID *Rsa;
-
+ UINTN PayloadSize;
+
+ PayloadSize = DataSize - AUTHINFO_SIZE;
Rsa = NULL;
CertData = NULL;
CertBlock = NULL;
@@ -558,7 +560,14 @@ VerifyCounterBasedPayload (
if (!Status) {
goto Done;
}
- Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, (UINTN) (DataSize - AUTHINFO_SIZE));
+ Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, PayloadSize);
+ if (!Status) {
+ goto Done;
+ }
+ //
+ // Hash Size.
+ //
+ Status = Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN));
if (!Status) {
goto Done;
}
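Review bot: `PayloadSize = DataSize - AUTHINFO_SIZE;` in the first hunk is an unsigned subtraction computed before any visible check that DataSize is at least AUTHINFO_SIZE, so a short DataSize would wrap PayloadSize to a huge value that is then passed to the `Sha256Update` calls in this hunk; unless the caller or the part of VerifyCounterBasedPayload outside these hunks already rejects `DataSize < AUTHINFO_SIZE`, that bound should be checked before the subtraction and the function should fail on it. Separately, `Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN))` hashes the size as a native-width UINTN in native byte order, so the digest (and therefore any valid signature) differs between IA32 and X64 builds; that is presumably what the spec text requires, but it is worth stating at the `// Hash Size.` comment, e.g. `// Hash the payload size as a native-width UINTN (4 bytes on IA32, 8 on X64, native byte order); a signer must reproduce exactly this encoding.` VerifyCounterBasedPayload starts before the first hunk and continues after this one.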
@@ -1099,6 +1108,7 @@ ProcessVarWithKek (
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ @return EFI_OUT_OF_RESOURCES The Database to save the public key is full.
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@@ -1253,7 +1263,7 @@ ProcessVariable (
//
KeyIndex = AddPubKeyInStore (PubKey);
if (KeyIndex == 0) {
- return EFI_SECURITY_VIOLATION;
+ return EFI_OUT_OF_RESOURCES;
}
}
@@ -2155,13 +2165,13 @@ VerifyTimeBasedPayload (
//
// Delete signer's certificates when delete the common authenticated variable.
//
- if ((PayloadSize == 0) && (Variable->CurrPtr != NULL)) {
+ if ((PayloadSize == 0) && (Variable->CurrPtr != NULL) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
Status = DeleteCertsFromDb (VariableName, VendorGuid);
if (EFI_ERROR (Status)) {
VerifyStatus = FALSE;
goto Exit;
}
- } else if (Variable->CurrPtr == NULL) {
+ } else if (Variable->CurrPtr == NULL && PayloadSize != 0) {
//
// Insert signer's certificates when adding a new common authenticated variable.
//
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 07fe99bee..e683783fa 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2281,6 +2281,13 @@ VariableServiceSetVariable (
}
//
+ // Check for reserverd bit in variable attribute.
+ //
+ if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
// Make sure if runtime bit is set, boot service bit is set also.
//
if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {
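Review bot: The added comment has a typo and reads as if a single bit were checked, while the mask test rejects any combination of undefined bits; suggest `// Reject any attribute bits outside EFI_VARIABLE_ATTRIBUTES_MASK (reserved bits must be zero).` The mask itself still admits EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set together, which the spec treats as an invalid combination; if VariableServiceSetVariable does not already reject that pair outside this hunk, an explicit check returning EFI_INVALID_PARAMETER next to this one would close the gap. VariableServiceSetVariable starts and ends outside the hunk.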
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
index 14a0744a5..563485f92 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
@@ -43,6 +43,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Guid/HardwareErrorVariable.h>
#define VARIABLE_RECLAIM_THRESHOLD (1024)
+#define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | \
+ EFI_VARIABLE_RUNTIME_ACCESS | \
+ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
+ EFI_VARIABLE_APPEND_WRITE)
///
/// The size of a 3 character ISO639 language code.