summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Library/AuthVariableLib
diff options
context:
space:
mode:
authorMichael Kubacki <michael.kubacki@microsoft.com>2021-12-05 14:54:12 -0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2021-12-07 17:24:28 +0000
commitc411b485b63a671a1e276700cff025c73997233c (patch)
treee7a57ca51b659161ab4bc9da95e988760ec57e7a /SecurityPkg/Library/AuthVariableLib
parent39de741e2dcb8f11e9b4438e37224797643d8451 (diff)
downloadedk2-c411b485b63a671a1e276700cff025c73997233c.tar.gz
edk2-c411b485b63a671a1e276700cff025c73997233c.tar.bz2
edk2-c411b485b63a671a1e276700cff025c73997233c.zip
SecurityPkg: Apply uncrustify changes
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'SecurityPkg/Library/AuthVariableLib')
-rw-r--r--SecurityPkg/Library/AuthVariableLib/AuthService.c1009
-rw-r--r--SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h109
-rw-r--r--SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c161
3 files changed, 654 insertions, 625 deletions
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 3059e5d256..054ee4d1d9 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -32,28 +32,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Public Exponent of RSA Key.
//
-CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
+CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };
+CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };
//
// Requirement for different signature type which have been defined in UEFI spec.
// These data are used to perform SignatureList format check while setting PK/KEK variable.
//
-EFI_SIGNATURE_ITEM mSupportSigItem[] = {
-//{SigType, SigHeaderSize, SigDataSize }
- {EFI_CERT_SHA256_GUID, 0, 32 },
- {EFI_CERT_RSA2048_GUID, 0, 256 },
- {EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },
- {EFI_CERT_SHA1_GUID, 0, 20 },
- {EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },
- {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)},
- {EFI_CERT_SHA224_GUID, 0, 28 },
- {EFI_CERT_SHA384_GUID, 0, 48 },
- {EFI_CERT_SHA512_GUID, 0, 64 },
- {EFI_CERT_X509_SHA256_GUID, 0, 48 },
- {EFI_CERT_X509_SHA384_GUID, 0, 64 },
- {EFI_CERT_X509_SHA512_GUID, 0, 80 }
+EFI_SIGNATURE_ITEM mSupportSigItem[] = {
+ // {SigType, SigHeaderSize, SigDataSize }
+ { EFI_CERT_SHA256_GUID, 0, 32 },
+ { EFI_CERT_RSA2048_GUID, 0, 256 },
+ { EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },
+ { EFI_CERT_SHA1_GUID, 0, 20 },
+ { EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },
+ { EFI_CERT_X509_GUID, 0, ((UINT32) ~0) },
+ { EFI_CERT_SHA224_GUID, 0, 28 },
+ { EFI_CERT_SHA384_GUID, 0, 48 },
+ { EFI_CERT_SHA512_GUID, 0, 64 },
+ { EFI_CERT_X509_SHA256_GUID, 0, 48 },
+ { EFI_CERT_X509_SHA384_GUID, 0, 64 },
+ { EFI_CERT_X509_SHA512_GUID, 0, 80 }
};
/**
@@ -76,22 +76,22 @@ EFI_SIGNATURE_ITEM mSupportSigItem[] = {
**/
EFI_STATUS
AuthServiceInternalFindVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT VOID **Data,
- OUT UINTN *DataSize
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VOID **Data,
+ OUT UINTN *DataSize
)
{
- EFI_STATUS Status;
- AUTH_VARIABLE_INFO AuthVariableInfo;
+ EFI_STATUS Status;
+ AUTH_VARIABLE_INFO AuthVariableInfo;
ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
Status = mAuthVarLibContextIn->FindVariable (
- VariableName,
- VendorGuid,
- &AuthVariableInfo
- );
- *Data = AuthVariableInfo.Data;
+ VariableName,
+ VendorGuid,
+ &AuthVariableInfo
+ );
+ *Data = AuthVariableInfo.Data;
*DataSize = AuthVariableInfo.DataSize;
return Status;
}
@@ -113,25 +113,25 @@ AuthServiceInternalFindVariable (
**/
EFI_STATUS
AuthServiceInternalUpdateVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
)
{
- AUTH_VARIABLE_INFO AuthVariableInfo;
+ AUTH_VARIABLE_INFO AuthVariableInfo;
ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
AuthVariableInfo.VariableName = VariableName;
- AuthVariableInfo.VendorGuid = VendorGuid;
- AuthVariableInfo.Data = Data;
- AuthVariableInfo.DataSize = DataSize;
- AuthVariableInfo.Attributes = Attributes;
+ AuthVariableInfo.VendorGuid = VendorGuid;
+ AuthVariableInfo.Data = Data;
+ AuthVariableInfo.DataSize = DataSize;
+ AuthVariableInfo.Attributes = Attributes;
return mAuthVarLibContextIn->UpdateVariable (
- &AuthVariableInfo
- );
+ &AuthVariableInfo
+ );
}
/**
@@ -152,18 +152,18 @@ AuthServiceInternalUpdateVariable (
**/
EFI_STATUS
AuthServiceInternalUpdateVariableWithTimeStamp (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN EFI_TIME *TimeStamp
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN EFI_TIME *TimeStamp
)
{
- EFI_STATUS FindStatus;
- VOID *OrgData;
- UINTN OrgDataSize;
- AUTH_VARIABLE_INFO AuthVariableInfo;
+ EFI_STATUS FindStatus;
+ VOID *OrgData;
+ UINTN OrgDataSize;
+ AUTH_VARIABLE_INFO AuthVariableInfo;
FindStatus = AuthServiceInternalFindVariable (
VariableName,
@@ -177,9 +177,10 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
//
if (!EFI_ERROR (FindStatus) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0)) {
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
- ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
- (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
- (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
+ (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)))
+ {
//
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value.
@@ -195,14 +196,14 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
AuthVariableInfo.VariableName = VariableName;
- AuthVariableInfo.VendorGuid = VendorGuid;
- AuthVariableInfo.Data = Data;
- AuthVariableInfo.DataSize = DataSize;
- AuthVariableInfo.Attributes = Attributes;
- AuthVariableInfo.TimeStamp = TimeStamp;
+ AuthVariableInfo.VendorGuid = VendorGuid;
+ AuthVariableInfo.Data = Data;
+ AuthVariableInfo.DataSize = DataSize;
+ AuthVariableInfo.Attributes = Attributes;
+ AuthVariableInfo.TimeStamp = TimeStamp;
return mAuthVarLibContextIn->UpdateVariable (
- &AuthVariableInfo
- );
+ &AuthVariableInfo
+ );
}
/**
@@ -216,15 +217,16 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
**/
BOOLEAN
-NeedPhysicallyPresent(
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
+NeedPhysicallyPresent (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
)
{
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
- if (IsVariablePolicyEnabled()) {
- if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
- || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
+ if (IsVariablePolicyEnabled ()) {
+ if ( (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
+ || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0)))
+ {
return TRUE;
}
}
@@ -244,12 +246,12 @@ InCustomMode (
VOID
)
{
- EFI_STATUS Status;
- VOID *Data;
- UINTN DataSize;
+ EFI_STATUS Status;
+ VOID *Data;
+ UINTN DataSize;
Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize);
- if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) {
+ if (!EFI_ERROR (Status) && (*(UINT8 *)Data == CUSTOM_SECURE_BOOT_MODE)) {
return TRUE;
}
@@ -267,15 +269,15 @@ InCustomMode (
**/
EFI_STATUS
UpdatePlatformMode (
- IN UINT32 Mode
+ IN UINT32 Mode
)
{
- EFI_STATUS Status;
- VOID *Data;
- UINTN DataSize;
- UINT8 SecureBootMode;
- UINT8 SecureBootEnable;
- UINTN VariableDataSize;
+ EFI_STATUS Status;
+ VOID *Data;
+ UINTN DataSize;
+ UINT8 SecureBootMode;
+ UINT8 SecureBootEnable;
+ UINTN VariableDataSize;
Status = AuthServiceInternalFindVariable (
EFI_SETUP_MODE_NAME,
@@ -291,8 +293,8 @@ UpdatePlatformMode (
// Update the value of SetupMode variable by a simple mem copy, this could avoid possible
// variable storage reclaim at runtime.
//
- mPlatformMode = (UINT8) Mode;
- CopyMem (Data, &mPlatformMode, sizeof(UINT8));
+ mPlatformMode = (UINT8)Mode;
+ CopyMem (Data, &mPlatformMode, sizeof (UINT8));
if (mAuthVarLibContextIn->AtRuntime ()) {
//
@@ -331,13 +333,13 @@ UpdatePlatformMode (
}
}
- Status = AuthServiceInternalUpdateVariable (
- EFI_SECURE_BOOT_MODE_NAME,
- &gEfiGlobalVariableGuid,
- &SecureBootMode,
- sizeof(UINT8),
- EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ &SecureBootMode,
+ sizeof (UINT8),
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -366,6 +368,7 @@ UpdatePlatformMode (
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
}
+
SecureBootEnable = SECURE_BOOT_DISABLE;
VariableDataSize = 0;
}
@@ -393,21 +396,21 @@ UpdatePlatformMode (
**/
EFI_STATUS
-CheckSignatureListFormat(
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize
+CheckSignatureListFormat (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize
)
{
- EFI_SIGNATURE_LIST *SigList;
- UINTN SigDataSize;
- UINT32 Index;
- UINT32 SigCount;
- BOOLEAN IsPk;
- VOID *RsaContext;
- EFI_SIGNATURE_DATA *CertData;
- UINTN CertLen;
+ EFI_SIGNATURE_LIST *SigList;
+ UINTN SigDataSize;
+ UINT32 Index;
+ UINT32 SigCount;
+ BOOLEAN IsPk;
+ VOID *RsaContext;
+ EFI_SIGNATURE_DATA *CertData;
+ UINTN CertLen;
if (DataSize == 0) {
return EFI_SUCCESS;
@@ -415,21 +418,22 @@ CheckSignatureListFormat(
ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL);
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
IsPk = TRUE;
} else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
(CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
- ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
- (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))))
+ {
IsPk = FALSE;
} else {
return EFI_SUCCESS;
}
- SigCount = 0;
- SigList = (EFI_SIGNATURE_LIST *) Data;
- SigDataSize = DataSize;
- RsaContext = NULL;
+ SigCount = 0;
+ SigList = (EFI_SIGNATURE_LIST *)Data;
+ SigDataSize = DataSize;
+ RsaContext = NULL;
//
// Walk through the input signature list and check the data format.
@@ -442,14 +446,18 @@ CheckSignatureListFormat(
// The value of SignatureSize should always be 16 (size of SignatureOwner
// component) add the data length according to signature type.
//
- if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
- (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {
+ if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) &&
+ ((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize))
+ {
return EFI_INVALID_PARAMETER;
}
- if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&
- SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {
+
+ if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) &&
+ (SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize))
+ {
return EFI_INVALID_PARAMETER;
}
+
break;
}
}
@@ -470,29 +478,32 @@ CheckSignatureListFormat(
if (RsaContext == NULL) {
return EFI_INVALID_PARAMETER;
}
- CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
- CertLen = SigList->SignatureSize - sizeof (EFI_GUID);
+
+ CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
+ CertLen = SigList->SignatureSize - sizeof (EFI_GUID);
if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {
RsaFree (RsaContext);
return EFI_INVALID_PARAMETER;
}
+
RsaFree (RsaContext);
}
if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {
return EFI_INVALID_PARAMETER;
}
+
SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
SigDataSize -= SigList->SignatureListSize;
- SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);
+ SigList = (EFI_SIGNATURE_LIST *)((UINT8 *)SigList + SigList->SignatureListSize);
}
- if (((UINTN) SigList - (UINTN) Data) != DataSize) {
+ if (((UINTN)SigList - (UINTN)Data) != DataSize) {
return EFI_INVALID_PARAMETER;
}
- if (IsPk && SigCount > 1) {
+ if (IsPk && (SigCount > 1)) {
return EFI_INVALID_PARAMETER;
}
@@ -511,11 +522,12 @@ VendorKeyIsModified (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {
return EFI_SUCCESS;
}
+
mVendorKeyState = VENDOR_KEYS_MODIFIED;
Status = AuthServiceInternalUpdateVariable (
@@ -564,21 +576,22 @@ VendorKeyIsModified (
**/
EFI_STATUS
ProcessVarWithPk (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes OPTIONAL,
- IN BOOLEAN IsPk
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL,
+ IN BOOLEAN IsPk
)
{
- EFI_STATUS Status;
- BOOLEAN Del;
- UINT8 *Payload;
- UINTN PayloadSize;
+ EFI_STATUS Status;
+ BOOLEAN Del;
+ UINT8 *Payload;
+ UINTN PayloadSize;
- if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
- (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
+ ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
+ {
//
// PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
@@ -590,14 +603,14 @@ ProcessVarWithPk (
// Init state of Del. State may change due to secure check
//
Del = FALSE;
- if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
- Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
+ if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {
+ Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
Del = TRUE;
}
- Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);
+ Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -608,9 +621,9 @@ ProcessVarWithPk (
Payload,
PayloadSize,
Attributes,
- &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp
+ &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp
);
- if (EFI_ERROR(Status)) {
+ if (EFI_ERROR (Status)) {
return Status;
}
@@ -645,13 +658,13 @@ ProcessVarWithPk (
);
}
- if (!EFI_ERROR(Status) && IsPk) {
- if (mPlatformMode == SETUP_MODE && !Del) {
+ if (!EFI_ERROR (Status) && IsPk) {
+ if ((mPlatformMode == SETUP_MODE) && !Del) {
//
// If enroll PK in setup mode, need change to user mode.
//
Status = UpdatePlatformMode (USER_MODE);
- } else if (mPlatformMode == USER_MODE && Del){
+ } else if ((mPlatformMode == USER_MODE) && Del) {
//
// If delete PK in user mode, need change to setup mode.
//
@@ -687,19 +700,20 @@ ProcessVarWithPk (
**/
EFI_STATUS
ProcessVarWithKek (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes OPTIONAL
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL
)
{
- EFI_STATUS Status;
- UINT8 *Payload;
- UINTN PayloadSize;
+ EFI_STATUS Status;
+ UINT8 *Payload;
+ UINTN PayloadSize;
- if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
- (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
+ ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
+ {
//
// DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
@@ -708,7 +722,7 @@ ProcessVarWithKek (
}
Status = EFI_SUCCESS;
- if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
+ if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) {
//
// Time-based, verify against X509 Cert KEK.
//
@@ -725,10 +739,10 @@ ProcessVarWithKek (
//
// If in setup mode or custom secure boot mode, no authentication needed.
//
- Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
+ Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
- Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);
+ Status = CheckSignatureListFormat (VariableName, VendorGuid, Payload, PayloadSize);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -739,7 +753,7 @@ ProcessVarWithKek (
Payload,
PayloadSize,
Attributes,
- &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp
+ &((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->TimeStamp
);
if (EFI_ERROR (Status)) {
return Status;
@@ -767,14 +781,14 @@ ProcessVarWithKek (
**/
BOOLEAN
IsDeleteAuthVariable (
- IN UINT32 OrgAttributes,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN UINT32 OrgAttributes,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
)
{
- BOOLEAN Del;
- UINTN PayloadSize;
+ BOOLEAN Del;
+ UINTN PayloadSize;
Del = FALSE;
@@ -785,7 +799,8 @@ IsDeleteAuthVariable (
// and the DataSize set to the size of the AuthInfo descriptor.
//
if ((Attributes == OrgAttributes) &&
- ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
+ ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
+ {
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
@@ -830,37 +845,37 @@ IsDeleteAuthVariable (
**/
EFI_STATUS
ProcessVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
)
{
- EFI_STATUS Status;
- AUTH_VARIABLE_INFO OrgVariableInfo;
+ EFI_STATUS Status;
+ AUTH_VARIABLE_INFO OrgVariableInfo;
- Status = EFI_SUCCESS;
+ Status = EFI_SUCCESS;
ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));
Status = mAuthVarLibContextIn->FindVariable (
- VariableName,
- VendorGuid,
- &OrgVariableInfo
- );
+ VariableName,
+ VendorGuid,
+ &OrgVariableInfo
+ );
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
- if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) {
+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent () || !IsVariablePolicyEnabled ())) {
//
// Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.
//
Status = AuthServiceInternalUpdateVariable (
- VariableName,
- VendorGuid,
- NULL,
- 0,
- 0
- );
+ VariableName,
+ VendorGuid,
+ NULL,
+ 0,
+ 0
+ );
if (!EFI_ERROR (Status) && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);
}
@@ -868,7 +883,7 @@ ProcessVariable (
return Status;
}
- if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
+ if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent ()) {
//
// This variable is protected, only physical present user could modify its value.
//
@@ -897,7 +912,8 @@ ProcessVariable (
}
if ((OrgVariableInfo.Data != NULL) &&
- ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
+ ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
+ {
//
// If the variable is already write-protected, it always needs authentication before update.
//
@@ -909,7 +925,6 @@ ProcessVariable (
//
Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
return Status;
-
}
/**
@@ -923,56 +938,57 @@ ProcessVariable (
**/
EFI_STATUS
FilterSignatureList (
- IN VOID *Data,
- IN UINTN DataSize,
- IN OUT VOID *NewData,
- IN OUT UINTN *NewDataSize
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN OUT VOID *NewData,
+ IN OUT UINTN *NewDataSize
)
{
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- EFI_SIGNATURE_LIST *NewCertList;
- EFI_SIGNATURE_DATA *NewCert;
- UINTN NewCertCount;
- UINTN Index;
- UINTN Index2;
- UINTN Size;
- UINT8 *Tail;
- UINTN CopiedCount;
- UINTN SignatureListSize;
- BOOLEAN IsNewCert;
- UINT8 *TempData;
- UINTN TempDataSize;
- EFI_STATUS Status;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN CertCount;
+ EFI_SIGNATURE_LIST *NewCertList;
+ EFI_SIGNATURE_DATA *NewCert;
+ UINTN NewCertCount;
+ UINTN Index;
+ UINTN Index2;
+ UINTN Size;
+ UINT8 *Tail;
+ UINTN CopiedCount;
+ UINTN SignatureListSize;
+ BOOLEAN IsNewCert;
+ UINT8 *TempData;
+ UINTN TempDataSize;
+ EFI_STATUS Status;
if (*NewDataSize == 0) {
return EFI_SUCCESS;
}
TempDataSize = *NewDataSize;
- Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData);
+ Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **)&TempData);
if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES;
}
Tail = TempData;
- NewCertList = (EFI_SIGNATURE_LIST *) NewData;
+ NewCertList = (EFI_SIGNATURE_LIST *)NewData;
while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) {
- NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
+ NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize;
CopiedCount = 0;
for (Index = 0; Index < NewCertCount; Index++) {
IsNewCert = TRUE;
- Size = DataSize;
- CertList = (EFI_SIGNATURE_LIST *) Data;
+ Size = DataSize;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
while ((Size > 0) && (Size >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&
- (CertList->SignatureSize == NewCertList->SignatureSize)) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ (CertList->SignatureSize == NewCertList->SignatureSize))
+ {
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index2 = 0; Index2 < CertCount; Index2++) {
//
@@ -982,15 +998,17 @@ FilterSignatureList (
IsNewCert = FALSE;
break;
}
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
if (!IsNewCert) {
break;
}
- Size -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+
+ Size -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
if (IsNewCert) {
@@ -1010,23 +1028,23 @@ FilterSignatureList (
CopiedCount++;
}
- NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize);
+ NewCert = (EFI_SIGNATURE_DATA *)((UINT8 *)NewCert + NewCertList->SignatureSize);
}
//
// Update SignatureListSize in the kept EFI_SIGNATURE_LIST.
//
if (CopiedCount != 0) {
- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);
- CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize);
- CertList->SignatureListSize = (UINT32) SignatureListSize;
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);
+ CertList = (EFI_SIGNATURE_LIST *)(Tail - SignatureListSize);
+ CertList->SignatureListSize = (UINT32)SignatureListSize;
}
*NewDataSize -= NewCertList->SignatureListSize;
- NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize);
+ NewCertList = (EFI_SIGNATURE_LIST *)((UINT8 *)NewCertList + NewCertList->SignatureListSize);
}
- TempDataSize = (Tail - (UINT8 *) TempData);
+ TempDataSize = (Tail - (UINT8 *)TempData);
CopyMem (NewData, TempData, TempDataSize);
*NewDataSize = TempDataSize;
@@ -1047,23 +1065,23 @@ FilterSignatureList (
**/
BOOLEAN
AuthServiceInternalCompareTimeStamp (
- IN EFI_TIME *FirstTime,
- IN EFI_TIME *SecondTime
+ IN EFI_TIME *FirstTime,
+ IN EFI_TIME *SecondTime
)
{
if (FirstTime->Year != SecondTime->Year) {
- return (BOOLEAN) (FirstTime->Year < SecondTime->Year);
+ return (BOOLEAN)(FirstTime->Year < SecondTime->Year);
} else if (FirstTime->Month != SecondTime->Month) {
- return (BOOLEAN) (FirstTime->Month < SecondTime->Month);
+ return (BOOLEAN)(FirstTime->Month < SecondTime->Month);
} else if (FirstTime->Day != SecondTime->Day) {
- return (BOOLEAN) (FirstTime->Day < SecondTime->Day);
+ return (BOOLEAN)(FirstTime->Day < SecondTime->Day);
} else if (FirstTime->Hour != SecondTime->Hour) {
- return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour);
+ return (BOOLEAN)(FirstTime->Hour < SecondTime->Hour);
} else if (FirstTime->Minute != SecondTime->Minute) {
- return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute);
+ return (BOOLEAN)(FirstTime->Minute < SecondTime->Minute);
}
- return (BOOLEAN) (FirstTime->Second <= SecondTime->Second);
+ return (BOOLEAN)(FirstTime->Second <= SecondTime->Second);
}
/**
@@ -1081,37 +1099,37 @@ AuthServiceInternalCompareTimeStamp (
**/
EFI_STATUS
-CalculatePrivAuthVarSignChainSHA256Digest(
- IN UINT8 *SignerCert,
- IN UINTN SignerCertSize,
- IN UINT8 *TopLevelCert,
- IN UINTN TopLevelCertSize,
- OUT UINT8 *Sha256Digest
+CalculatePrivAuthVarSignChainSHA256Digest (
+ IN UINT8 *SignerCert,
+ IN UINTN SignerCertSize,
+ IN UINT8 *TopLevelCert,
+ IN UINTN TopLevelCertSize,
+ OUT UINT8 *Sha256Digest
)
{
- UINT8 *TbsCert;
- UINTN TbsCertSize;
- CHAR8 CertCommonName[128];
- UINTN CertCommonNameSize;
- BOOLEAN CryptoStatus;
- EFI_STATUS Status;
+ UINT8 *TbsCert;
+ UINTN TbsCertSize;
+ CHAR8 CertCommonName[128];
+ UINTN CertCommonNameSize;
+ BOOLEAN CryptoStatus;
+ EFI_STATUS Status;
- CertCommonNameSize = sizeof(CertCommonName);
+ CertCommonNameSize = sizeof (CertCommonName);
//
// Get SignerCert CommonName
//
- Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
- if (EFI_ERROR(Status)) {
- DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));
+ Status = X509GetCommonName (SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status));
return EFI_ABORTED;
}
//
// Get TopLevelCert tbsCertificate
//
- if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {
- DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));
+ if (!X509GetTBSCert (TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) {
+ DEBUG ((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__));
return EFI_ABORTED;
}
@@ -1141,7 +1159,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
return EFI_ABORTED;
}
- CryptoStatus = Sha256Final (mHashCtx, Sha256Digest);
+ CryptoStatus = Sha256Final (mHashCtx, Sha256Digest);
if (!CryptoStatus) {
return EFI_ABORTED;
}
@@ -1179,22 +1197,22 @@ CalculatePrivAuthVarSignChainSHA256Digest(
**/
EFI_STATUS
FindCertsFromDb (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT8 *Data,
- IN UINTN DataSize,
- OUT UINT32 *CertOffset OPTIONAL,
- OUT UINT32 *CertDataSize OPTIONAL,
- OUT UINT32 *CertNodeOffset OPTIONAL,
- OUT UINT32 *CertNodeSize OPTIONAL
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT8 *Data,
+ IN UINTN DataSize,
+ OUT UINT32 *CertOffset OPTIONAL,
+ OUT UINT32 *CertDataSize OPTIONAL,
+ OUT UINT32 *CertNodeOffset OPTIONAL,
+ OUT UINT32 *CertNodeSize OPTIONAL
)
{
- UINT32 Offset;
- AUTH_CERT_DB_DATA *Ptr;
- UINT32 CertSize;
- UINT32 NameSize;
- UINT32 NodeSize;
- UINT32 CertDbListSize;
+ UINT32 Offset;
+ AUTH_CERT_DB_DATA *Ptr;
+ UINT32 CertSize;
+ UINT32 NameSize;
+ UINT32 NodeSize;
+ UINT32 CertDbListSize;
if ((VariableName == NULL) || (VendorGuid == NULL) || (Data == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -1207,9 +1225,9 @@ FindCertsFromDb (
return EFI_INVALID_PARAMETER;
}
- CertDbListSize = ReadUnaligned32 ((UINT32 *) Data);
+ CertDbListSize = ReadUnaligned32 ((UINT32 *)Data);
- if (CertDbListSize != (UINT32) DataSize) {
+ if (CertDbListSize != (UINT32)DataSize) {
return EFI_INVALID_PARAMETER;
}
@@ -1218,8 +1236,8 @@ FindCertsFromDb (
//
// Get corresponding certificates by VendorGuid and VariableName.
//
- while (Offset < (UINT32) DataSize) {
- Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);
+ while (Offset < (UINT32)DataSize) {
+ Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);
//
// Check whether VendorGuid matches.
//
@@ -1229,7 +1247,8 @@ FindCertsFromDb (
CertSize = ReadUnaligned32 (&Ptr->CertDataSize);
if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +
- sizeof (CHAR16) * NameSize) {
+ sizeof (CHAR16) * NameSize)
+ {
return EFI_INVALID_PARAMETER;
}
@@ -1238,7 +1257,8 @@ FindCertsFromDb (
// Check whether VariableName matches.
//
if ((NameSize == StrLen (VariableName)) &&
- (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {
+ (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0))
+ {
Offset = Offset + NameSize * sizeof (CHAR16);
if (CertOffset != NULL) {
@@ -1250,7 +1270,7 @@ FindCertsFromDb (
}
if (CertNodeOffset != NULL) {
- *CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data);
+ *CertNodeOffset = (UINT32)((UINT8 *)Ptr - Data);
}
if (CertNodeSize != NULL) {
@@ -1288,24 +1308,23 @@ FindCertsFromDb (
**/
EFI_STATUS
GetCertsFromDb (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- OUT UINT8 **CertData,
- OUT UINT32 *CertDataSize
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ OUT UINT8 **CertData,
+ OUT UINT32 *CertDataSize
)
{
- EFI_STATUS Status;
- UINT8 *Data;
- UINTN DataSize;
- UINT32 CertOffset;
- CHAR16 *DbName;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT32 CertOffset;
+ CHAR16 *DbName;
if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
-
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
//
// Get variable "certdb".
@@ -1324,7 +1343,7 @@ GetCertsFromDb (
Status = AuthServiceInternalFindVariable (
DbName,
&gEfiCertDbGuid,
- (VOID **) &Data,
+ (VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@@ -1372,20 +1391,20 @@ GetCertsFromDb (
**/
EFI_STATUS
DeleteCertsFromDb (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes
)
{
- EFI_STATUS Status;
- UINT8 *Data;
- UINTN DataSize;
- UINT32 VarAttr;
- UINT32 CertNodeOffset;
- UINT32 CertNodeSize;
- UINT8 *NewCertDb;
- UINT32 NewCertDbSize;
- CHAR16 *DbName;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT32 VarAttr;
+ UINT32 CertNodeOffset;
+ UINT32 CertNodeSize;
+ UINT8 *NewCertDb;
+ UINT32 NewCertDbSize;
+ CHAR16 *DbName;
if ((VariableName == NULL) || (VendorGuid == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -1395,20 +1414,20 @@ DeleteCertsFromDb (
//
// Get variable "certdb".
//
- DbName = EFI_CERT_DB_NAME;
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ DbName = EFI_CERT_DB_NAME;
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
} else {
//
// Get variable "certdbv".
//
- DbName = EFI_CERT_DB_VOLATILE_NAME;
+ DbName = EFI_CERT_DB_VOLATILE_NAME;
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
}
Status = AuthServiceInternalFindVariable (
DbName,
&gEfiCertDbGuid,
- (VOID **) &Data,
+ (VOID **)&Data,
&DataSize
);
@@ -1453,8 +1472,8 @@ DeleteCertsFromDb (
//
// Construct new data content of variable "certdb" or "certdbv".
//
- NewCertDbSize = (UINT32) DataSize - CertNodeSize;
- NewCertDb = (UINT8*) mCertDbStore;
+ NewCertDbSize = (UINT32)DataSize - CertNodeSize;
+ NewCertDb = (UINT8 *)mCertDbStore;
//
// Copy the DB entries before deleting node.
@@ -1478,13 +1497,13 @@ DeleteCertsFromDb (
//
// Set "certdb" or "certdbv".
//
- Status = AuthServiceInternalUpdateVariable (
- DbName,
- &gEfiCertDbGuid,
- NewCertDb,
- NewCertDbSize,
- VarAttr
- );
+ Status = AuthServiceInternalUpdateVariable (
+ DbName,
+ &gEfiCertDbGuid,
+ NewCertDb,
+ NewCertDbSize,
+ VarAttr
+ );
return Status;
}
@@ -1512,29 +1531,29 @@ DeleteCertsFromDb (
**/
EFI_STATUS
InsertCertsToDb (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINT8 *SignerCert,
- IN UINTN SignerCertSize,
- IN UINT8 *TopLevelCert,
- IN UINTN TopLevelCertSize
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINT8 *SignerCert,
+ IN UINTN SignerCertSize,
+ IN UINT8 *TopLevelCert,
+ IN UINTN TopLevelCertSize
)
{
- EFI_STATUS Status;
- UINT8 *Data;
- UINTN DataSize;
- UINT32 VarAttr;
- UINT8 *NewCertDb;
- UINT32 NewCertDbSize;
- UINT32 CertNodeSize;
- UINT32 NameSize;
- UINT32 CertDataSize;
- AUTH_CERT_DB_DATA *Ptr;
- CHAR16 *DbName;
- UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
-
- if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) ||(TopLevelCert == NULL)) {
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT32 VarAttr;
+ UINT8 *NewCertDb;
+ UINT32 NewCertDbSize;
+ UINT32 CertNodeSize;
+ UINT32 NameSize;
+ UINT32 CertDataSize;
+ AUTH_CERT_DB_DATA *Ptr;
+ CHAR16 *DbName;
+ UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
+
+ if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) || (TopLevelCert == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -1542,13 +1561,13 @@ InsertCertsToDb (
//
// Get variable "certdb".
//
- DbName = EFI_CERT_DB_NAME;
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ DbName = EFI_CERT_DB_NAME;
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
} else {
//
// Get variable "certdbv".
//
- DbName = EFI_CERT_DB_VOLATILE_NAME;
+ DbName = EFI_CERT_DB_VOLATILE_NAME;
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
}
@@ -1558,7 +1577,7 @@ InsertCertsToDb (
Status = AuthServiceInternalFindVariable (
DbName,
&gEfiCertDbGuid,
- (VOID **) &Data,
+ (VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@@ -1593,15 +1612,15 @@ InsertCertsToDb (
//
// Construct new data content of variable "certdb" or "certdbv".
//
- NameSize = (UINT32) StrLen (VariableName);
- CertDataSize = sizeof(Sha256Digest);
- CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
- NewCertDbSize = (UINT32) DataSize + CertNodeSize;
+ NameSize = (UINT32)StrLen (VariableName);
+ CertDataSize = sizeof (Sha256Digest);
+ CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32)CertDataSize + NameSize * sizeof (CHAR16);
+ NewCertDbSize = (UINT32)DataSize + CertNodeSize;
if (NewCertDbSize > mMaxCertDbSize) {
return EFI_OUT_OF_RESOURCES;
}
- Status = CalculatePrivAuthVarSignChainSHA256Digest(
+ Status = CalculatePrivAuthVarSignChainSHA256Digest (
SignerCert,
SignerCertSize,
TopLevelCert,
@@ -1612,7 +1631,7 @@ InsertCertsToDb (
return Status;
}
- NewCertDb = (UINT8*) mCertDbStore;
+ NewCertDb = (UINT8 *)mCertDbStore;
//
// Copy the DB entries before inserting node.
@@ -1625,20 +1644,20 @@ InsertCertsToDb (
//
// Construct new cert node.
//
- Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize);
+ Ptr = (AUTH_CERT_DB_DATA *)(NewCertDb + DataSize);
CopyGuid (&Ptr->VendorGuid, VendorGuid);
CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));
CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));
CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));
CopyMem (
- (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA),
+ (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA),
VariableName,
NameSize * sizeof (CHAR16)
);
CopyMem (
- (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),
+ (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),
Sha256Digest,
CertDataSize
);
@@ -1646,13 +1665,13 @@ InsertCertsToDb (
//
// Set "certdb" or "certdbv".
//
- Status = AuthServiceInternalUpdateVariable (
- DbName,
- &gEfiCertDbGuid,
- NewCertDb,
- NewCertDbSize,
- VarAttr
- );
+ Status = AuthServiceInternalUpdateVariable (
+ DbName,
+ &gEfiCertDbGuid,
+ NewCertDb,
+ NewCertDbSize,
+ VarAttr
+ );
return Status;
}
@@ -1674,17 +1693,17 @@ CleanCertsFromDb (
VOID
)
{
- UINT32 Offset;
- AUTH_CERT_DB_DATA *Ptr;
- UINT32 NameSize;
- UINT32 NodeSize;
- CHAR16 *VariableName;
- EFI_STATUS Status;
- BOOLEAN CertCleaned;
- UINT8 *Data;
- UINTN DataSize;
- EFI_GUID AuthVarGuid;
- AUTH_VARIABLE_INFO AuthVariableInfo;
+ UINT32 Offset;
+ AUTH_CERT_DB_DATA *Ptr;
+ UINT32 NameSize;
+ UINT32 NodeSize;
+ CHAR16 *VariableName;
+ EFI_STATUS Status;
+ BOOLEAN CertCleaned;
+ UINT8 *Data;
+ UINTN DataSize;
+ EFI_GUID AuthVarGuid;
+ AUTH_VARIABLE_INFO AuthVariableInfo;
Status = EFI_SUCCESS;
@@ -1700,7 +1719,7 @@ CleanCertsFromDb (
Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
- (VOID **) &Data,
+ (VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@@ -1714,23 +1733,24 @@ CleanCertsFromDb (
Offset = sizeof (UINT32);
- while (Offset < (UINT32) DataSize) {
- Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);
+ while (Offset < (UINT32)DataSize) {
+ Ptr = (AUTH_CERT_DB_DATA *)(Data + Offset);
NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);
NameSize = ReadUnaligned32 (&Ptr->NameSize);
//
// Get VarName tailed with '\0'
//
- VariableName = AllocateZeroPool((NameSize + 1) * sizeof(CHAR16));
+ VariableName = AllocateZeroPool ((NameSize + 1) * sizeof (CHAR16));
if (VariableName == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- CopyMem (VariableName, (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof(CHAR16));
+
+ CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16));
//
// Keep VarGuid aligned
//
- CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof(EFI_GUID));
+ CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof (EFI_GUID));
//
// Find corresponding time auth variable
@@ -1742,22 +1762,22 @@ CleanCertsFromDb (
&AuthVariableInfo
);
- if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {
//
// While cleaning certdb, always delete the variable in certdb regardless of it attributes.
//
- Status = DeleteCertsFromDb(
- VariableName,
- &AuthVarGuid,
- AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
- );
+ Status = DeleteCertsFromDb (
+ VariableName,
+ &AuthVarGuid,
+ AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
+ );
CertCleaned = TRUE;
- DEBUG((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
- FreePool(VariableName);
+ DEBUG ((DEBUG_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
+ FreePool (VariableName);
break;
}
- FreePool(VariableName);
+ FreePool (VariableName);
Offset = Offset + NodeSize;
}
} while (CertCleaned);
@@ -1796,58 +1816,58 @@ CleanCertsFromDb (
**/
EFI_STATUS
VerifyTimeBasedPayload (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN AUTHVAR_TYPE AuthVarType,
- IN EFI_TIME *OrgTimeStamp,
- OUT UINT8 **VarPayloadPtr,
- OUT UINTN *VarPayloadSize
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN AUTHVAR_TYPE AuthVarType,
+ IN EFI_TIME *OrgTimeStamp,
+ OUT UINT8 **VarPayloadPtr,
+ OUT UINTN *VarPayloadSize
)
{
- EFI_VARIABLE_AUTHENTICATION_2 *CertData;
- UINT8 *SigData;
- UINT32 SigDataSize;
- UINT8 *PayloadPtr;
- UINTN PayloadSize;
- UINT32 Attr;
- BOOLEAN VerifyStatus;
- EFI_STATUS Status;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN Index;
- UINTN CertCount;
- UINT32 KekDataSize;
- UINT8 *NewData;
- UINTN NewDataSize;
- UINT8 *Buffer;
- UINTN Length;
- UINT8 *TopLevelCert;
- UINTN TopLevelCertSize;
- UINT8 *TrustedCert;
- UINTN TrustedCertSize;
- UINT8 *SignerCerts;
- UINTN CertStackSize;
- UINT8 *CertsInCertDb;
- UINT32 CertsSizeinDb;
- UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
- EFI_CERT_DATA *CertDataPtr;
+ EFI_VARIABLE_AUTHENTICATION_2 *CertData;
+ UINT8 *SigData;
+ UINT32 SigDataSize;
+ UINT8 *PayloadPtr;
+ UINTN PayloadSize;
+ UINT32 Attr;
+ BOOLEAN VerifyStatus;
+ EFI_STATUS Status;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN Index;
+ UINTN CertCount;
+ UINT32 KekDataSize;
+ UINT8 *NewData;
+ UINTN NewDataSize;
+ UINT8 *Buffer;
+ UINTN Length;
+ UINT8 *TopLevelCert;
+ UINTN TopLevelCertSize;
+ UINT8 *TrustedCert;
+ UINTN TrustedCertSize;
+ UINT8 *SignerCerts;
+ UINTN CertStackSize;
+ UINT8 *CertsInCertDb;
+ UINT32 CertsSizeinDb;
+ UINT8 Sha256Digest[SHA256_DIGEST_SIZE];
+ EFI_CERT_DATA *CertDataPtr;
//
// 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain
// 2. TrustedCert is the certificate which firmware trusts. It could be saved in protected
// storage or PK payload on PK init
//
- VerifyStatus = FALSE;
- CertData = NULL;
- NewData = NULL;
- Attr = Attributes;
- SignerCerts = NULL;
- TopLevelCert = NULL;
- CertsInCertDb = NULL;
- CertDataPtr = NULL;
+ VerifyStatus = FALSE;
+ CertData = NULL;
+ NewData = NULL;
+ Attr = Attributes;
+ SignerCerts = NULL;
+ TopLevelCert = NULL;
+ CertsInCertDb = NULL;
+ CertDataPtr = NULL;
//
// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
@@ -1857,7 +1877,7 @@ VerifyTimeBasedPayload (
// variable value. The authentication descriptor is not part of the variable data and is not
// returned by subsequent calls to GetVariable().
//
- CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;
+ CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
//
// Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the
@@ -1867,7 +1887,8 @@ VerifyTimeBasedPayload (
(CertData->TimeStamp.Nanosecond != 0) ||
(CertData->TimeStamp.TimeZone != 0) ||
(CertData->TimeStamp.Daylight != 0) ||
- (CertData->TimeStamp.Pad2 != 0)) {
+ (CertData->TimeStamp.Pad2 != 0))
+ {
return EFI_SECURITY_VIOLATION;
}
@@ -1885,7 +1906,8 @@ VerifyTimeBasedPayload (
// Cert type should be EFI_CERT_TYPE_PKCS7_GUID.
//
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
- !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {
+ !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid))
+ {
//
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
//
@@ -1896,8 +1918,8 @@ VerifyTimeBasedPayload (
// Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.
// AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
//
- SigData = CertData->AuthInfo.CertData;
- SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
+ SigData = CertData->AuthInfo.CertData;
+ SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32)(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
//
// SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the
@@ -1916,20 +1938,21 @@ VerifyTimeBasedPayload (
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
- (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
- return EFI_SECURITY_VIOLATION;
- }
+ (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0))
+ {
+ return EFI_SECURITY_VIOLATION;
+ }
}
}
//
// Find out the new data payload which follows Pkcs7 SignedData directly.
//
- PayloadPtr = SigData + SigDataSize;
- PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
+ PayloadPtr = SigData + SigDataSize;
+ PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize;
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
- if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {
+ if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
VerifyStatus = TRUE;
goto Exit;
}
@@ -1950,7 +1973,7 @@ VerifyTimeBasedPayload (
// because it is only used at here to do verification temporarily first
// and then used in UpdateVariable() for a time based auth variable set.
//
- Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData);
+ Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **)&NewData);
if (EFI_ERROR (Status)) {
return EFI_OUT_OF_RESOURCES;
}
@@ -2005,10 +2028,12 @@ VerifyTimeBasedPayload (
VerifyStatus = FALSE;
goto Exit;
}
- CertList = (EFI_SIGNATURE_LIST *) Data;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+
+ CertList = (EFI_SIGNATURE_LIST *)Data;
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||
- (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) {
+ (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0))
+ {
VerifyStatus = FALSE;
goto Exit;
}
@@ -2024,9 +2049,7 @@ VerifyTimeBasedPayload (
NewData,
NewDataSize
);
-
} else if (AuthVarType == AuthVarTypeKek) {
-
//
// Get KEK database from variable.
//
@@ -2043,18 +2066,18 @@ VerifyTimeBasedPayload (
//
// Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList.
//
- KekDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) Data;
+ KekDataSize = (UINT32)DataSize;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
//
// Iterate each Signature Data Node within this CertList for a verify
//
- TrustedCert = Cert->SignatureData;
- TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
+ TrustedCert = Cert->SignatureData;
+ TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
//
// Verify Pkcs7 SignedData via Pkcs7Verify library.
@@ -2070,14 +2093,15 @@ VerifyTimeBasedPayload (
if (VerifyStatus) {
goto Exit;
}
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
+
KekDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
} else if (AuthVarType == AuthVarTypePriv) {
-
//
// Process common authenticated variable except PK/KEK/DB/DBX/DBT.
// Get signer's certificates from SignedData.
@@ -2112,24 +2136,25 @@ VerifyTimeBasedPayload (
// Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb
//
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
- Status = CalculatePrivAuthVarSignChainSHA256Digest(
- CertDataPtr->CertDataBuffer,
- ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
- TopLevelCert,
- TopLevelCertSize,
- Sha256Digest
- );
- if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){
+ Status = CalculatePrivAuthVarSignChainSHA256Digest (
+ CertDataPtr->CertDataBuffer,
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
+ TopLevelCert,
+ TopLevelCertSize,
+ Sha256Digest
+ );
+ if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) {
goto Exit;
}
} else {
- //
- // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb
- //
- if ((CertStackSize != CertsSizeinDb) ||
- (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {
- goto Exit;
- }
+ //
+ // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb
+ //
+ if ((CertStackSize != CertsSizeinDb) ||
+ (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0))
+ {
+ goto Exit;
+ }
}
}
@@ -2150,23 +2175,23 @@ VerifyTimeBasedPayload (
// When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer
//
CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1);
- Status = InsertCertsToDb (
- VariableName,
- VendorGuid,
- Attributes,
- CertDataPtr->CertDataBuffer,
- ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
- TopLevelCert,
- TopLevelCertSize
- );
+ Status = InsertCertsToDb (
+ VariableName,
+ VendorGuid,
+ Attributes,
+ CertDataPtr->CertDataBuffer,
+ ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)),
+ TopLevelCert,
+ TopLevelCertSize
+ );
if (EFI_ERROR (Status)) {
VerifyStatus = FALSE;
goto Exit;
}
}
} else if (AuthVarType == AuthVarTypePayload) {
- CertList = (EFI_SIGNATURE_LIST *) PayloadPtr;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertList = (EFI_SIGNATURE_LIST *)PayloadPtr;
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
TrustedCert = Cert->SignatureData;
TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
//
@@ -2186,12 +2211,13 @@ VerifyTimeBasedPayload (
Exit:
- if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {
+ if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) {
if (TopLevelCert != NULL) {
- Pkcs7FreeSigners (TopLevelCert);
+ Pkcs7FreeSigners (TopLevelCert);
}
+
if (SignerCerts != NULL) {
- Pkcs7FreeSigners (SignerCerts);
+ Pkcs7FreeSigners (SignerCerts);
}
}
@@ -2199,12 +2225,12 @@ Exit:
return EFI_SECURITY_VIOLATION;
}
- Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize);
+ Status = CheckSignatureListFormat (VariableName, VendorGuid, PayloadPtr, PayloadSize);
if (EFI_ERROR (Status)) {
return Status;
}
- *VarPayloadPtr = PayloadPtr;
+ *VarPayloadPtr = PayloadPtr;
*VarPayloadSize = PayloadSize;
return EFI_SUCCESS;
@@ -2238,29 +2264,29 @@ Exit:
**/
EFI_STATUS
VerifyTimeBasedPayloadAndUpdate (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN AUTHVAR_TYPE AuthVarType,
- OUT BOOLEAN *VarDel
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN AUTHVAR_TYPE AuthVarType,
+ OUT BOOLEAN *VarDel
)
{
- EFI_STATUS Status;
- EFI_STATUS FindStatus;
- UINT8 *PayloadPtr;
- UINTN PayloadSize;
- EFI_VARIABLE_AUTHENTICATION_2 *CertData;
- AUTH_VARIABLE_INFO OrgVariableInfo;
- BOOLEAN IsDel;
+ EFI_STATUS Status;
+ EFI_STATUS FindStatus;
+ UINT8 *PayloadPtr;
+ UINTN PayloadSize;
+ EFI_VARIABLE_AUTHENTICATION_2 *CertData;
+ AUTH_VARIABLE_INFO OrgVariableInfo;
+ BOOLEAN IsDel;
ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));
FindStatus = mAuthVarLibContextIn->FindVariable (
- VariableName,
- VendorGuid,
- &OrgVariableInfo
- );
+ VariableName,
+ VendorGuid,
+ &OrgVariableInfo
+ );
Status = VerifyTimeBasedPayload (
VariableName,
@@ -2277,15 +2303,16 @@ VerifyTimeBasedPayloadAndUpdate (
return Status;
}
- if (!EFI_ERROR(FindStatus)
- && (PayloadSize == 0)
- && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
+ if ( !EFI_ERROR (FindStatus)
+ && (PayloadSize == 0)
+ && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0))
+ {
IsDel = TRUE;
} else {
IsDel = FALSE;
}
- CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;
+ CertData = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
//
// Final step: Update/Append Variable if it pass Pkcs7Verify
@@ -2302,12 +2329,12 @@ VerifyTimeBasedPayloadAndUpdate (
//
// Delete signer's certificates when delete the common authenticated variable.
//
- if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) {
+ if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) {
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);
}
if (VarDel != NULL) {
- if (IsDel && !EFI_ERROR(Status)) {
+ if (IsDel && !EFI_ERROR (Status)) {
*VarDel = TRUE;
} else {
*VarDel = FALSE;
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
index 2bec637f75..b202e613bc 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
+++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
@@ -31,7 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/ImageAuthentication.h>
-#define TWO_BYTE_ENCODE 0x82
+#define TWO_BYTE_ENCODE 0x82
///
/// Struct to record signature requirement defined by UEFI spec.
@@ -73,8 +73,8 @@ typedef enum {
/// | AUTH_CERT_DB_DATA | <-- Last CERT
/// +----------------------------+
///
-#define EFI_CERT_DB_NAME L"certdb"
-#define EFI_CERT_DB_VOLATILE_NAME L"certdbv"
+#define EFI_CERT_DB_NAME L"certdb"
+#define EFI_CERT_DB_VOLATILE_NAME L"certdbv"
#pragma pack(1)
typedef struct {
@@ -87,15 +87,14 @@ typedef struct {
} AUTH_CERT_DB_DATA;
#pragma pack()
-extern UINT8 *mCertDbStore;
-extern UINT32 mMaxCertDbSize;
-extern UINT32 mPlatformMode;
-extern UINT8 mVendorKeyState;
+extern UINT8 *mCertDbStore;
+extern UINT32 mMaxCertDbSize;
+extern UINT32 mPlatformMode;
+extern UINT8 mVendorKeyState;
-extern VOID *mHashCtx;
-
-extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
+extern VOID *mHashCtx;
+extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
/**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
@@ -125,13 +124,13 @@ extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
**/
EFI_STATUS
VerifyTimeBasedPayloadAndUpdate (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN AUTHVAR_TYPE AuthVarType,
- OUT BOOLEAN *VarDel
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN AUTHVAR_TYPE AuthVarType,
+ OUT BOOLEAN *VarDel
);
/**
@@ -151,9 +150,9 @@ VerifyTimeBasedPayloadAndUpdate (
**/
EFI_STATUS
DeleteCertsFromDb (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes
);
/**
@@ -183,10 +182,10 @@ CleanCertsFromDb (
**/
EFI_STATUS
FilterSignatureList (
- IN VOID *Data,
- IN UINTN DataSize,
- IN OUT VOID *NewData,
- IN OUT UINTN *NewDataSize
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN OUT VOID *NewData,
+ IN OUT UINTN *NewDataSize
);
/**
@@ -215,12 +214,12 @@ FilterSignatureList (
**/
EFI_STATUS
ProcessVarWithPk (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes OPTIONAL,
- IN BOOLEAN IsPk
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL,
+ IN BOOLEAN IsPk
);
/**
@@ -248,11 +247,11 @@ ProcessVarWithPk (
**/
EFI_STATUS
ProcessVarWithKek (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes OPTIONAL
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL
);
/**
@@ -283,11 +282,11 @@ ProcessVarWithKek (
**/
EFI_STATUS
ProcessVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
);
/**
@@ -310,10 +309,10 @@ ProcessVariable (
**/
EFI_STATUS
AuthServiceInternalFindVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT VOID **Data,
- OUT UINTN *DataSize
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VOID **Data,
+ OUT UINTN *DataSize
);
/**
@@ -333,11 +332,11 @@ AuthServiceInternalFindVariable (
**/
EFI_STATUS
AuthServiceInternalUpdateVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
);
/**
@@ -358,12 +357,12 @@ AuthServiceInternalUpdateVariable (
**/
EFI_STATUS
AuthServiceInternalUpdateVariableWithTimeStamp (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN EFI_TIME *TimeStamp
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN EFI_TIME *TimeStamp
);
#endif
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
index 7f31458edb..dc61ae840c 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -21,19 +21,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
///
/// Global database array for scratch
///
-UINT8 *mCertDbStore;
-UINT32 mMaxCertDbSize;
-UINT32 mPlatformMode;
-UINT8 mVendorKeyState;
+UINT8 *mCertDbStore;
+UINT32 mMaxCertDbSize;
+UINT32 mPlatformMode;
+UINT8 mVendorKeyState;
-EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
+EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };
//
// Hash context pointer
//
VOID *mHashCtx = NULL;
-VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
+VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
{
&gEfiSecureBootEnableDisableGuid,
EFI_SECURE_BOOT_ENABLE_NAME,
@@ -91,9 +91,9 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
},
};
-VOID **mAuthVarAddressPointer[9];
+VOID **mAuthVarAddressPointer[9];
-AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
+AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
/**
Initialization for authenticated variable services.
@@ -116,15 +116,15 @@ AuthVariableLibInitialize (
OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
)
{
- EFI_STATUS Status;
- UINT32 VarAttr;
- UINT8 *Data;
- UINTN DataSize;
- UINTN CtxSize;
- UINT8 SecureBootMode;
- UINT8 SecureBootEnable;
- UINT8 CustomMode;
- UINT32 ListSize;
+ EFI_STATUS Status;
+ UINT32 VarAttr;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINTN CtxSize;
+ UINT8 SecureBootMode;
+ UINT8 SecureBootEnable;
+ UINT8 CustomMode;
+ UINT32 ListSize;
if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -135,8 +135,8 @@ AuthVariableLibInitialize (
//
// Initialize hash context.
//
- CtxSize = Sha256GetContextSize ();
- mHashCtx = AllocateRuntimePool (CtxSize);
+ CtxSize = Sha256GetContextSize ();
+ mHashCtx = AllocateRuntimePool (CtxSize);
if (mHashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -145,13 +145,13 @@ AuthVariableLibInitialize (
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
//
- mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
+ mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
if (mCertDbStore == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
} else {
@@ -166,11 +166,12 @@ AuthVariableLibInitialize (
} else {
mPlatformMode = USER_MODE;
}
+
Status = AuthServiceInternalUpdateVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
&mPlatformMode,
- sizeof(UINT8),
+ sizeof (UINT8),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
if (EFI_ERROR (Status)) {
@@ -180,13 +181,13 @@ AuthVariableLibInitialize (
//
// Create "SignatureSupport" variable with BS+RT attribute set.
//
- Status = AuthServiceInternalUpdateVariable (
- EFI_SIGNATURE_SUPPORT_NAME,
- &gEfiGlobalVariableGuid,
- mSignatureSupport,
- sizeof(mSignatureSupport),
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SIGNATURE_SUPPORT_NAME,
+ &gEfiGlobalVariableGuid,
+ mSignatureSupport,
+ sizeof (mSignatureSupport),
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -197,23 +198,23 @@ AuthVariableLibInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
//
SecureBootEnable = SECURE_BOOT_DISABLE;
- Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);
+ Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
- if (mPlatformMode == USER_MODE){
- SecureBootEnable = *(UINT8 *) Data;
+ if (mPlatformMode == USER_MODE) {
+ SecureBootEnable = *(UINT8 *)Data;
}
} else if (mPlatformMode == USER_MODE) {
//
// "SecureBootEnable" not exist, initialize it in USER_MODE.
//
SecureBootEnable = SECURE_BOOT_ENABLE;
- Status = AuthServiceInternalUpdateVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- &SecureBootEnable,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &SecureBootEnable,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -222,11 +223,12 @@ AuthVariableLibInitialize (
//
// Create "SecureBoot" variable with BS+RT attribute set.
//
- if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
+ if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
SecureBootMode = SECURE_BOOT_MODE_ENABLE;
} else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
}
+
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
@@ -246,13 +248,13 @@ AuthVariableLibInitialize (
// Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
//
CustomMode = STANDARD_SECURE_BOOT_MODE;
- Status = AuthServiceInternalUpdateVariable (
- EFI_CUSTOM_MODE_NAME,
- &gEfiCustomModeEnableGuid,
- &CustomMode,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_CUSTOM_MODE_NAME,
+ &gEfiCustomModeEnableGuid,
+ &CustomMode,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -267,7 +269,7 @@ AuthVariableLibInitialize (
Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
- (VOID **) &Data,
+ (VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@@ -287,7 +289,7 @@ AuthVariableLibInitialize (
//
// Clean up Certs to make certDB & Time based auth variable consistent
//
- Status = CleanCertsFromDb();
+ Status = CleanCertsFromDb ();
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));
return Status;
@@ -313,7 +315,7 @@ AuthVariableLibInitialize (
//
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
//
- Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);
+ Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
mVendorKeyState = *(UINT8 *)Data;
} else {
@@ -321,13 +323,13 @@ AuthVariableLibInitialize (
// "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.
//
mVendorKeyState = VENDOR_KEYS_VALID;
- Status = AuthServiceInternalUpdateVariable (
- EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
- &gEfiVendorKeysNvGuid,
- &mVendorKeyState,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
+ &gEfiVendorKeysNvGuid,
+ &mVendorKeyState,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -349,20 +351,20 @@ AuthVariableLibInitialize (
DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));
- AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
- AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
- AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
- AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
- mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;
- mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;
- mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;
- mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
- mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
- mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
- mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
- mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
- mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
- AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
+ AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
+ AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
+ AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
+ AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
+ mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore;
+ mAuthVarAddressPointer[1] = (VOID **)&mHashCtx;
+ mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn;
+ mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable),
+ mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),
+ mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),
+ mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),
+ mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
+ mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime),
+ AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
return Status;
@@ -391,16 +393,16 @@ AuthVariableLibInitialize (
EFI_STATUS
EFIAPI
AuthVariableLibProcessVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
@@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
- )) {
+ ))
+ {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);