authorLaszlo Ersek <lersek@redhat.com>2018-03-22 16:50:55 +0100
committerLaszlo Ersek <lersek@redhat.com>2018-03-28 13:07:36 +0200
commitb90c335fbbb674470fbf09601cc522bf61564c30 (patch)
treea9bccc99f68c6e016641dc0467a9d67d4465406c /NetworkPkg/TlsAuthConfigDxe
parent0fd13678a6818c1bc241b21f83a3013b17a55a25 (diff)
NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes
If the platform creates the "TlsCaCertificate" variable as volatile, then EnrollX509toVariable() shouldn't fail to extend it just because TLS_AUTH_CONFIG_VAR_BASE_ATTR contains the EFI_VARIABLE_NON_VOLATILE attribute. Thus, if the variable exists, add the EFI_VARIABLE_APPEND_WRITE attribute to the variable's current attributes. This is what DeleteCert() does already. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Diffstat (limited to 'NetworkPkg/TlsAuthConfigDxe')
-rw-r--r--NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index faefc72d0e..cbdd5f0664 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -813,6 +813,7 @@ EnrollX509toVariable (
CACert = NULL;
CACertData = NULL;
Data = NULL;
+ Attr = 0;
Status = ReadFileContent (
Private->FileContext->FHandle,
@@ -847,22 +848,22 @@ EnrollX509toVariable (
CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
//
- // Check if signature database entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new signature data to original variable
+ // Check if the signature database entry already exists. If it does, use the
+ // EFI_VARIABLE_APPEND_WRITE attribute to append the new signature data to
+ // the original variable, plus preserve the original variable attributes.
//
- Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
-
Status = gRT->GetVariable(
VariableName,
&gEfiTlsCaCertificateGuid,
- NULL,
+ &Attr,
&DataSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
+ } else if (Status == EFI_NOT_FOUND) {
+ Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
+ } else {
goto ON_EXIT;
}
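Review bot: On the `EFI_BUFFER_TOO_SMALL` branch, `Attr` is now taken verbatim from the existing "TlsCaCertificate" variable and only gets `EFI_VARIABLE_APPEND_WRITE` OR-ed in, with no check that the firmware actually filled it in or that the inherited bits are ones this driver expects. The first hunk initialises `Attr` to 0, so if an implementation leaves `Attributes` untouched on `EFI_BUFFER_TOO_SMALL`, the later write (outside this hunk, presumably the `SetVariable` call) would be issued with only the append bit set. Since this variable holds the CA trust anchors, I would add a guard before the OR, for example `if ((Attr & EFI_VARIABLE_BOOTSERVICE_ACCESS) == 0) { Status = EFI_UNSUPPORTED; goto ON_EXIT; }`, or at least a comment stating that inheriting the platform's attributes unchecked is intentional. Separately, the final `else` also catches `EFI_SUCCESS`, which would jump to `ON_EXIT` without enrolling anything; whether that can be reported as success depends on code outside the hunk, as the body of `EnrollX509toVariable` starts and ends beyond it.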