Revision: 15811
http://sourceforge.net/p/edk2/code/15811
Author: gdong1
Date: 2014-08-15 08:10:55 +0000 (Fri, 15 Aug 2014)
Log Message:
-----------
1) Update code to use PcdFixedUsbCredentialProviderTokenFileName and
PcdMaxVariableSize as patchable PCD instead of FixedAtBuild PCD.
2) Correct a typo in file comments of Tpm12Ownership.c
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <[email protected]>
Reviewed-by: Gao, Liming <[email protected]>
Reviewed-by: Yao, Jiewen <[email protected]>
Modified Paths:
--------------
trunk/edk2/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
trunk/edk2/SecurityPkg/SecurityPkg.dec
trunk/edk2/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
Modified: trunk/edk2/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
===================================================================
--- trunk/edk2/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
2014-08-15 05:33:34 UTC (rev 15810)
+++ trunk/edk2/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
2014-08-15 08:10:55 UTC (rev 15811)
@@ -1,7 +1,7 @@
/** @file
- Implement TPM1.2 Startup related command.
+ Implement TPM1.2 Ownership related command.
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
Modified: trunk/edk2/SecurityPkg/SecurityPkg.dec
===================================================================
--- trunk/edk2/SecurityPkg/SecurityPkg.dec 2014-08-15 05:33:34 UTC (rev
15810)
+++ trunk/edk2/SecurityPkg/SecurityPkg.dec 2014-08-15 08:10:55 UTC (rev
15811)
@@ -216,10 +216,6 @@
# IMAGE_FROM_FIXED_MEDIA 0x00000010
gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004
- ## The token file name used to save credential in USB credential provider
driver.
- # The specified file should be saved at the root directory of USB storage
disk.
-
gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005
-
## The size of Append variable buffer. This buffer is reserved for runtime
use, OS can append data into one existing variable.
gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005
@@ -229,6 +225,12 @@
# If 1, TCG platform type is server.
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006
+[PcdsFixedAtBuild, PcdsPatchableInModule]
+ ## Null-terminated Unicode string of the file name that is the default name
to save USB credential.
+ # The specified file should be saved at the root directory of USB storage
disk.
+ # @Prompt File name to save credential.
+
gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## This PCD indicates the presence or absence of the platform operator.
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
Modified:
trunk/edk2/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
===================================================================
---
trunk/edk2/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
2014-08-15 05:33:34 UTC (rev 15810)
+++
trunk/edk2/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c
2014-08-15 08:10:55 UTC (rev 15811)
@@ -478,7 +478,7 @@
BufSize = 0;
Buffer = NULL;
- TokenFile = FixedPcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
+ TokenFile = PcdGetPtr (PcdFixedUsbCredentialProviderTokenFileName);
Status = GetFileData (TokenFile, (VOID *)&Buffer, &BufSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n",
TokenFile, Status));
Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
===================================================================
--- trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
2014-08-15 05:33:34 UTC (rev 15810)
+++ trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
2014-08-15 08:10:55 UTC (rev 15811)
@@ -32,9 +32,12 @@
///
/// Global database array for scratch
///
-UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
+UINT8 *mPubKeyStore;
UINT32 mPubKeyNumber;
-UINT8 mCertDbStore[MAX_CERTDB_SIZE];
+UINT32 mMaxKeyNumber;
+UINT32 mMaxKeyDbSize;
+UINT8 *mCertDbStore;
+UINT32 mMaxCertDbSize;
UINT32 mPlatformMode;
UINT8 mVendorKeyState;
@@ -184,6 +187,25 @@
}
//
+ // Reserve runtime buffer for public key database. The size excludes
variable header and name size.
+ //
+ mMaxKeyDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) -
sizeof (AUTHVAR_KEYDB_NAME);
+ mMaxKeyNumber = mMaxKeyDbSize / EFI_CERT_TYPE_RSA2048_SIZE;
+ mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);
+ if (mPubKeyStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Reserve runtime buffer for certificate database. The size excludes
variable header and name size.
+ //
+ mMaxCertDbSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) -
sizeof (EFI_CERT_DB_NAME);
+ mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
+ if (mCertDbStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
// Prepare runtime buffer for serialized data of time-based authenticated
// Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).
//
@@ -503,7 +525,7 @@
//
// Add public key in database.
//
- if (mPubKeyNumber == MAX_KEY_NUM) {
+ if (mPubKeyNumber == mMaxKeyNumber) {
//
// Public key dadatase is full, try to reclaim invalid key.
//
@@ -545,7 +567,7 @@
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
- if (mPubKeyNumber == MAX_KEY_NUM) {
+ if (mPubKeyNumber == mMaxKeyNumber) {
return 0;
}
}
@@ -1996,7 +2018,7 @@
NameSize = (UINT32) StrLen (VariableName);
CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize +
NameSize * sizeof (CHAR16);
NewCertDbSize = (UINT32) DataSize + CertNodeSize;
- if (NewCertDbSize > MAX_CERTDB_SIZE) {
+ if (NewCertDbSize > mMaxCertDbSize) {
return EFI_OUT_OF_RESOURCES;
}
NewCertDb = (UINT8*) mCertDbStore;
Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
===================================================================
--- trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
2014-08-15 05:33:34 UTC (rev 15810)
+++ trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
2014-08-15 08:10:55 UTC (rev 15811)
@@ -2,7 +2,7 @@
The internal header file includes the common header files, defines
internal structure and functions used by AuthService module.
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -38,18 +38,11 @@
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
///
-/// Max size of public key database, restricted by max individal EFI varible
size, exclude variable header and name size.
-///
-#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof
(VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))
-#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
-
-///
/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
///
///
#define EFI_CERT_DB_NAME L"certdb"
-#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof
(VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))
///
/// Struct to record signature requirement defined by UEFI spec.
@@ -326,7 +319,8 @@
OUT BOOLEAN *VarDel
);
-extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
+extern UINT8 *mPubKeyStore;
+extern UINT8 *mCertDbStore;
extern UINT32 mPubKeyNumber;
extern VOID *mHashCtx;
extern UINT8 *mSerializationRuntimeBuffer;
Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
===================================================================
--- trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
2014-08-15 05:33:34 UTC (rev 15810)
+++ trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
2014-08-15 08:10:55 UTC (rev 15811)
@@ -243,6 +243,8 @@
EfiConvertPointer (0x0, (VOID **) &mHashCtx);
EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
+ EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
+ EfiConvertPointer (0x0, (VOID **) &mCertDbStore);
//
// in the list of locked variables, convert the name pointers first
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
