diff options
author | Laszlo Ersek <lersek@redhat.com> | 2018-03-22 16:50:55 +0100 |
---|---|---|
committer | Laszlo Ersek <lersek@redhat.com> | 2018-03-28 13:07:36 +0200 |
commit | b90c335fbbb674470fbf09601cc522bf61564c30 (patch) | |
tree | a9bccc99f68c6e016641dc0467a9d67d4465406c /NetworkPkg/TlsAuthConfigDxe | |
parent | 0fd13678a6818c1bc241b21f83a3013b17a55a25 (diff) | |
download | edk2-b90c335fbbb674470fbf09601cc522bf61564c30.tar.gz edk2-b90c335fbbb674470fbf09601cc522bf61564c30.tar.bz2 edk2-b90c335fbbb674470fbf09601cc522bf61564c30.zip |
NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes
If the platform creates the "TlsCaCertificate" variable as volatile, then
EnrollX509toVariable() shouldn't fail to extend it just because
TLS_AUTH_CONFIG_VAR_BASE_ATTR contains the EFI_VARIABLE_NON_VOLATILE
attribute.
Thus, if the variable exists, add the EFI_VARIABLE_APPEND_WRITE attribute
to the variable's current attributes. This is what DeleteCert() does
already.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Diffstat (limited to 'NetworkPkg/TlsAuthConfigDxe')
-rw-r--r-- | NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c index faefc72d0e..cbdd5f0664 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c @@ -813,6 +813,7 @@ EnrollX509toVariable ( CACert = NULL;
CACertData = NULL;
Data = NULL;
+ Attr = 0;
Status = ReadFileContent (
Private->FileContext->FHandle,
@@ -847,22 +848,22 @@ EnrollX509toVariable ( CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
//
- // Check if signature database entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new signature data to original variable
+ // Check if the signature database entry already exists. If it does, use the
+ // EFI_VARIABLE_APPEND_WRITE attribute to append the new signature data to
+ // the original variable, plus preserve the original variable attributes.
//
- Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
-
Status = gRT->GetVariable(
VariableName,
&gEfiTlsCaCertificateGuid,
- NULL,
+ &Attr,
&DataSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
+ } else if (Status == EFI_NOT_FOUND) {
+ Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
+ } else {
goto ON_EXIT;
}
|