author | Zhang Lubo <lubo.zhang@intel.com> | 2017-01-05 14:58:05 +0800 |
---|---|---|
committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-02-20 10:09:53 +0800 |
commit | c035e37335ae43229d7e68de74a65f2c01ebc0af (patch) | |
tree | ffdf5d04eae742a9f907149ffde82c2b8e0c74a2 /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | |
parent | 80e63e846af4ac135da5faccead7450e956d6462 (diff) | |
SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.
V3: code clean up
prohibit Image SHA-1 hash option in SecureBootConfigDxe.
Timebased Auth Variable driver should ensure AuthAlgorithm
is SHA256 before further verification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c')
-rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 0d9618597b..6f587291e2 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -1,7 +1,7 @@ /** @file
HII Config Access protocol implementation of SecureBoot configuration module.
-Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -63,7 +63,6 @@ UINT8 mHashOidValue[] = { };
HASH_TABLE mHash[] = {
- { L"SHA1", 20, &mHashOidValue[8], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
{ L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL },
{ L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final},
{ L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final},
@@ -1786,7 +1785,7 @@ HashPeImage ( SectionHeader = NULL;
Status = FALSE;
- if ((HashAlg != HASHALG_SHA1) && (HashAlg != HASHALG_SHA256)) {
+ if (HashAlg != HASHALG_SHA256) {
return FALSE;
}
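Review bot: The narrowed guard `if (HashAlg != HASHALG_SHA256)` has no comment saying that SHA-1 is refused on purpose, and HashPeImage keeps a `HashAlg` parameter that now has exactly one accepted value. A one-line comment above the check would stop a later maintainer from re-adding the weaker algorithm, for example `// Only SHA-256 image digests are accepted here; SHA-1 is deliberately prohibited.` The function's header comment lies outside this hunk and presumably needs the same update if it lists the supported algorithms.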
@@ -1795,13 +1794,8 @@ HashPeImage ( //
ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
- if (HashAlg == HASHALG_SHA1) {
- mImageDigestSize = SHA1_DIGEST_SIZE;
- mCertType = gEfiCertSha1Guid;
- } else if (HashAlg == HASHALG_SHA256) {
- mImageDigestSize = SHA256_DIGEST_SIZE;
- mCertType = gEfiCertSha256Guid;
- }
+ mImageDigestSize = SHA256_DIGEST_SIZE;
+ mCertType = gEfiCertSha256Guid;
CtxSize = mHash[HashAlg].GetContextSize();
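Review bot: `mHash[HashAlg].GetContextSize()` on the last line still uses the HASHALG_* constant as a table index, while the earlier hunk deletes the first row of `mHash`, so every remaining entry moves down one slot. The HASHALG_* definitions are not visible on this page (the diff is limited to SecureBootConfigImpl.c); if they were not renumbered in the same commit, HASHALG_SHA256 would select a row whose hash functions do not produce a SHA256_DIGEST_SIZE digest. The SHA224 row also holds NULL function pointers, so a misaligned index could end in a call through NULL. I would confirm the header change and add a guard before the call, such as `ASSERT (mHash[HashAlg].GetContextSize != NULL);`, plus a comment on `mHash` stating that row order must match the HASHALG_* values. HashPeImage's body continues outside this hunk.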