SecurityPkg: Fix potential bug in Security Boot dxe.

v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
author: Zhang Lubo <lubo.zhang@intel.com> 2017-02-22 17:01:12 +0800
committer: Jiaxin Wu <jiaxin.wu@intel.com> 2017-03-01 15:40:50 +0800
commit: e9429e7997b8e668126d71b8030cc3a96c36a652 (patch)
tree: f9ee8cd04d847933872180706c930254a988a3bf /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
parent: 5d2245bdcd405004c0fdf16e52b693cb56f9c927 (diff)
download: edk2-e9429e7997b8e668126d71b8030cc3a96c36a652.tar.gz
edk2-e9429e7997b8e668126d71b8030cc3a96c36a652.tar.bz2
edk2-e9429e7997b8e668126d71b8030cc3a96c36a652.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index 02ddf4ad89..6f46d91033 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -459,13 +459,13 @@ formset
           varid       = SECUREBOOT_CONFIGURATION.CertificateFormat,
           prompt      = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
           help        = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
-          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT;
-          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0;
-          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0;
-          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0;
+          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT;
+          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0;
+          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0;
+          option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0;
     endoneof;
 
-    suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;
+    suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;
         checkbox varid  = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
                prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
                help   = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
author	Zhang Lubo <lubo.zhang@intel.com>	2017-02-22 17:01:12 +0800
committer	Jiaxin Wu <jiaxin.wu@intel.com>	2017-03-01 15:40:50 +0800
commit	e9429e7997b8e668126d71b8030cc3a96c36a652 (patch)
tree	f9ee8cd04d847933872180706c930254a988a3bf /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
parent	5d2245bdcd405004c0fdf16e52b693cb56f9c927 (diff)
download	edk2-e9429e7997b8e668126d71b8030cc3a96c36a652.tar.gz edk2-e9429e7997b8e668126d71b8030cc3a96c36a652.tar.bz2 edk2-e9429e7997b8e668126d71b8030cc3a96c36a652.zip