From: "Sunny Wang"
To: Grzegorz Bernacki, "devel@edk2.groups.io", Patrick Rudolph
CC: "jiewen.yao@intel.com", "jian.j.wang@intel.com", Samer El-Haj-Mahmoud, "mw@semihalf.com", "upstream@semihalf.com", Sunny Wang
Subject: Re: [PATCH v1] SecurityPkg: Improve initialization of default key variables.
Date: Tue, 14 Dec 2021 15:43:31 +0000
In-Reply-To: <20211006122525.1893234-1-gjb@semihalf.com>

Looks good to me.
Reviewed-by: Sunny Wang

Hi Patrick,

This patch is to address your comment below. Could you give this patch a try on your side?
https://edk2.groups.io/g/devel/message/79766?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Arecentpostdate%2Fsticky%2C%2CSecurityPkg%3A+Create+library+for+enrolling+Secure+Boot+variables.%2C20%2C2%2C0%2C84608356

Best Regards,
Sunny

-----Original Message-----
From: Grzegorz Bernacki
Sent: 06 October 2021 13:25
To: devel@edk2.groups.io
Cc: jiewen.yao@intel.com; jian.j.wang@intel.com; Samer El-Haj-Mahmoud; Sunny Wang; mw@semihalf.com; upstream@semihalf.com; Grzegorz Bernacki
Subject: [PATCH v1] SecurityPkg: Improve initialization of default key variables.

This commit allows using data in EFI_VARIABLE_AUTHENTICATION_2 structure format to initialize default secure boot variables. It allows using the revocation list published by UEFI.

Signed-off-by: Grzegorz Bernacki
--- SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 90 +++= +++++++++-------- 1 file changed, 56 insertions(+), 34 deletions(-) diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLi= b.c b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c index ff65184713..1f8869b1d2 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c +++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c @@ -73,20 +73,19 @@ CreateSigList ( /** Adds new signature list to signature database. - @param[in] SigLists A pointer to signature database. - @param[in] SigListAppend A signature list to be added. - @param[out] *SigListOut Created signature database. + @param[in,out] SigLists A pointer to signature database. + @param[in] SigListAppend A signature list to be added. @param[in, out] SigListsSize A size of created signature database. @retval EFI_SUCCESS Signature List was added successfully. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval EFI_INVALID_PARAMETER Invalid parameters. **/ STATIC EFI_STATUS ConcatenateSigList ( - IN EFI_SIGNATURE_LIST *SigLists, + IN EFI_SIGNATURE_LIST **SigLists, IN EFI_SIGNATURE_LIST *SigListAppend, - OUT EFI_SIGNATURE_LIST **SigListOut, IN OUT UINTN *SigListsSize ) { 
@@ -94,6 +93,10 @@ ConcatenateSigList ( UINT8 *Offset; UINTN NewSigListsSize; + if ((SigLists =3D=3D NULL) || (SigListsSize =3D=3D NULL) || (SigListAppe= nd =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + NewSigListsSize =3D *SigListsSize + SigListAppend->SignatureListSize; TmpSigList =3D (EFI_SIGNATURE_LIST *) AllocateZeroPool (NewSigListsSize)= ; @@ -101,14 +104,17 @@ ConcatenateSigList ( return EFI_OUT_OF_RESOURCES; } - CopyMem (TmpSigList, SigLists, *SigListsSize); + if (*SigLists !=3D NULL) { + CopyMem (TmpSigList, *SigLists, *SigListsSize); + FreePool(*SigLists); + } Offset =3D (UINT8 *)TmpSigList; Offset +=3D *SigListsSize; CopyMem ((VOID *)Offset, SigListAppend, SigListAppend->SignatureListSize= ); *SigListsSize =3D NewSigListsSize; - *SigListOut =3D TmpSigList; + *SigLists =3D TmpSigList; return EFI_SUCCESS; } @@ -133,14 +139,15 @@ SecureBootFetchData ( OUT EFI_SIGNATURE_LIST **SigListOut ) { + EFI_VARIABLE_AUTHENTICATION_2 *Auth2; EFI_SIGNATURE_LIST *EfiSig; EFI_SIGNATURE_LIST *TmpEfiSig; - EFI_SIGNATURE_LIST *TmpEfiSig2; EFI_STATUS Status; VOID *Buffer; VOID *RsaPubKey; UINTN Size; UINTN KeyIndex; + UINTN SigListOffset; KeyIndex =3D 0; 
@@ -154,42 +161,57 @@ SecureBootFetchData ( &Buffer, &Size ); + if (Status =3D=3D EFI_NOT_FOUND && KeyIndex > 0) { + break; + } else if (EFI_ERROR(Status)) { + if (EfiSig !=3D NULL) { + FreePool(EfiSig); + } + return EFI_INVALID_PARAMETER; + } - if (Status =3D=3D EFI_SUCCESS) { - RsaPubKey =3D NULL; - if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) =3D=3D FALSE)= { - DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__,= KeyIndex)); + RsaPubKey =3D NULL; + Auth2 =3D (EFI_VARIABLE_AUTHENTICATION_2 *)Buffer; + if ((Auth2->AuthInfo.Hdr.wCertificateType =3D=3D WIN_CERT_TYPE_EFI_GUI= D) && + (CompareGuid (&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType) =3D= =3D TRUE)) { + + SigListOffset =3D Auth2->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF= (WIN_CERTIFICATE_UEFI_GUID, CertData)); + TmpEfiSig =3D (EFI_SIGNATURE_LIST *) &Auth2->AuthInfo.CertData[SigLi= stOffset]; + Size -=3D OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo); + Size -=3D OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); + Size -=3D SigListOffset; + + while (Size > 0) { + ConcatenateSigList (&EfiSig, TmpEfiSig, SigListsSize); + Size -=3D TmpEfiSig->SignatureListSize; + TmpEfiSig =3D (EFI_SIGNATURE_LIST *)((UINT8 *)TmpEfiSig + TmpEfiSi= g->SignatureListSize); + } + } else if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) =3D=3D T= RUE) { + Status =3D CreateSigList (Buffer, Size, &TmpEfiSig); + + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "%a: Cannot create a sig list\n", __FUNCTION_= _)); if (EfiSig !=3D NULL) { FreePool(EfiSig); } FreePool(Buffer); - return EFI_INVALID_PARAMETER; - } - Status =3D CreateSigList (Buffer, Size, &TmpEfiSig); - - // - // Concatenate lists if more than one section found - // - if (KeyIndex =3D=3D 0) { - EfiSig =3D TmpEfiSig; - *SigListsSize =3D TmpEfiSig->SignatureListSize; - } else { - ConcatenateSigList (EfiSig, TmpEfiSig, &TmpEfiSig2, SigListsSize); - FreePool (EfiSig); - FreePool (TmpEfiSig); - EfiSig =3D TmpEfiSig2; + return Status; } - 
KeyIndex++; - FreePool (Buffer); - } if (Status =3D=3D EFI_NOT_FOUND) { - break; + ConcatenateSigList (&EfiSig, TmpEfiSig, SigListsSize); + FreePool (TmpEfiSig); + } else { + DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, K= eyIndex)); + if (EfiSig !=3D NULL) { + FreePool(EfiSig); + } + FreePool(Buffer); + return EFI_INVALID_PARAMETER; } - }; - if (KeyIndex =3D=3D 0) { - return EFI_NOT_FOUND; + KeyIndex++; + FreePool (Buffer); } *SigListOut =3D EfiSig; -- 2.25.1
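
Review bot: In the ConcatenateSigList prototype (hunk @@ -73,20 +73,19 @@), SigLists is documented as @param[in,out] but is still decorated IN; the function now frees and replaces *SigLists, so the decoration should be IN OUT to match. The tag is also spelled differently from the neighbouring `@param[in, out] SigListsSize` line, and the description should say that on success the previous buffer is freed and the pointer replaced, so callers must not keep a copy of the old pointer.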
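
Review bot: The new NULL check at the top of ConcatenateSigList (hunk @@ -94,6 +93,10 @@) does not cover the size arithmetic on the line that follows it: `*SigListsSize + SigListAppend->SignatureListSize` is computed without an overflow check, and SignatureListSize is not compared against sizeof (EFI_SIGNATURE_LIST), so a malformed list header still reaches AllocateZeroPool and CopyMem. Since the function now returns EFI_INVALID_PARAMETER, those cases could be rejected in the same check.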
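
Review bot: In the `if (*SigLists !=3D NULL)` block (hunk @@ -101,14 +104,17 @@), the copy is skipped when *SigLists is NULL but Offset is still advanced by *SigListsSize, so a caller that passes a NULL list with a non-zero size gets a zero-filled gap in front of the appended list. Either reject that combination in the parameter check or treat the size as 0 when the pointer is NULL. Style: `FreePool(*SigLists);` needs a space before the parenthesis, as in `FreePool (Buffer);`.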
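
Review bot: In the EFI_VARIABLE_AUTHENTICATION_2 branch of SecureBootFetchData (hunk @@ -154,42 +161,57 @@), none of the lengths read from Buffer are checked against Size. Auth2->AuthInfo is dereferenced before confirming that Size covers the header, dwLength is subtracted from without a lower bound, the three `Size -=3D` lines and `Size -=3D TmpEfiSig->SignatureListSize` can wrap the unsigned Size, and a SignatureListSize of 0 never terminates the `while (Size > 0)` loop. Suggest checking up front that dwLength is at least OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData) and that Size is at least OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) plus dwLength, and requiring sizeof (EFI_SIGNATURE_LIST) <= SignatureListSize <= Size before each append in the loop. The return value of ConcatenateSigList is also ignored in both branches, and with the `if (KeyIndex =3D=3D 0)` block removed, a volume with no key section now returns EFI_INVALID_PARAMETER instead of EFI_NOT_FOUND; if that change is intended it should be stated in the commit message.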