From: Jiaxin Wu
To: edk2-devel@lists.01.org
Cc: Palmer Thomas, Long Qin, Ye Ting, Fu Siyuan
Date: Tue, 16 Aug 2016 15:19:57 +0800
Message-Id: <1471331997-39972-3-git-send-email-jiaxin.wu@intel.com>
In-Reply-To: <1471331997-39972-1-git-send-email-jiaxin.wu@intel.com>
References: <1471331997-39972-1-git-send-email-jiaxin.wu@intel.com>
Subject: [staging/HTTPS-TLS][PATCH 2/2] NetworkPkg/TlsAuthConfigDxe: TlsCaCertificate variable attribute update

Remove the RT attribute for TlsCaCertificate variable protection.
If so, we can treat this variable as secure in certain cases.

Cc: Palmer Thomas
Cc: Long Qin
Cc: Ye Ting
Cc: Fu Siyuan
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu
---
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 2 +-
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index f265b42..1132cac 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -999,11 +999,11 @@ EnrollX509toVariable ( // // Check if signature database entry has been already existed. // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the // new signature data to original variable // - Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS; + Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR; Status = gRT->GetVariable( VariableName, &gEfiTlsCaCertificateGuid, NULL, diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h index dea3cda..398f7b6 100644 --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h @@ -51,10 +51,12 @@ extern UINT8 TlsAuthConfigDxeStrings[]; extern UINT8 TlsAuthConfigVfrBin[]; #define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D') #define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE) +#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) + typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA; typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT; /// /// HII specific Vendor Device Path definition. -- 1.9.5.msysgit.1
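
Review bot: In the EnrollX509toVariable hunk of TlsAuthConfigImpl.c, the existence check right after the new Attr assignment passes NULL for the Attributes argument of gRT->GetVariable, so a TlsCaCertificate variable that an earlier build stored with EFI_VARIABLE_RUNTIME_ACCESS cannot be told apart from one created with the new attribute set. UEFI SetVariable returns EFI_INVALID_PARAMETER when a pre-existing variable is rewritten with different attributes (EFI_VARIABLE_APPEND_WRITE aside), so the append described in the comment would fail on a system that already enrolled a certificate before this change. Consider reading the stored attributes in this call and, when they still include RT, either deleting and re-creating the variable with TLS_AUTH_CONFIG_VAR_BASE_ATTR or returning a clear error to the user.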
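
Review bot: The new TLS_AUTH_CONFIG_VAR_BASE_ATTR define in the TlsAuthConfigImpl.h hunk carries no comment saying that EFI_VARIABLE_RUNTIME_ACCESS is left out on purpose, so a later cleanup could restore it without noticing the intent stated in the commit message. Please add a short comment above the define explaining that the variable must not be accessible after ExitBootServices. It would also help to state the limit of the protection there: with only EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS and no authenticated-write attribute, the variable is hidden from the OS at runtime, but any code running in boot services can still read and write it.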