From: "Zhang, Chao B"
To: "Zhang, Lubo", "edk2-devel@lists.01.org"
CC: "Yao, Jiewen", "Long, Qin"
Date: Mon, 27 Feb 2017 05:47:26 +0000
Subject: Re: [PATCH v2] SecurityPkg: Fix potential bug in Security Boot dxe.
References: <1487754072-7252-1-git-send-email-lubo.zhang@intel.com>
In-Reply-To: <1487754072-7252-1-git-send-email-lubo.zhang@intel.com>
List-Id: EDK II Development

Reviewed-by: Zhang Chao

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang Lubo
Sent: Wednesday, February 22, 2017 5:01 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Long, Qin
Subject: [edk2] [PATCH v2] SecurityPkg: Fix potential bug in Security Boot dxe.

v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h

since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which exceeds the range of the Hash table array.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo
Cc: Chao Zhang
Cc: Long Qin
Cc: Yao Jiewen
---
 .../SecureBootConfigDxe/SecureBootConfig.vfr | 10 +++++-----
 .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secure= BootConfig.vfr index 02ddf4a..6f46d91 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= g.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfig.vfr @@ -457,17 +457,17 @@ formset =20 oneof name =3D SignatureFormatInDbx, varid =3D SECUREBOOT_CONFIGURATION.CertificateFormat, prompt =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), help =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256),= value =3D 0x2, flags =3D DEFAULT; - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384),= value =3D 0x3, flags =3D 0; - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512),= value =3D 0x4, flags =3D 0; - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), va= lue =3D 0x5, flags =3D 0; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256),= value =3D 0x1, flags =3D DEFAULT; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384),= value =3D 0x2, flags =3D 0; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512),= value =3D 0x3, flags =3D 0; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW),=20 + value =3D 0x4, flags =3D 0; endoneof; =20 - suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat =3D=3D 5= ; + suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat =3D=3D 4= ; checkbox varid =3D SECUREBOOT_CONFIGURATION.AlwaysRevocation, prompt =3D STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_P= ROMPT), help =3D STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_H= ELP), flags =3D INTERACTIVE, endcheckbox; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.h index bea9470..58030c4 100644 
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.h @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 =20 // // Support hash types // -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_RAW 0x00000005 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 =20 =20 typedef struct { UINTN Signature; LIST_ENTRY Head; -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
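Review bot: In the SecureBootConfig.vfr hunk, the four option values (0x1 to 0x4) and the literal in "suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4" are still hard-coded numbers that have to be kept in step by hand with HASHALG_SHA256 through HASHALG_RAW in SecureBootConfigImpl.h, which is the mismatch v2 of this patch had to correct. Consider moving the HASHALG_* defines into a header that both the VFR and the C code include and using the names here, so the form and the driver cannot drift apart again. Also worth confirming: the default moves from 0x2 to 0x1, so if a CertificateFormat value written by the old form can still be read back, an old 2 would now be interpreted as SHA384 rather than SHA256.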
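Review bot: In the SecureBootConfigImpl.h hunk, nothing visible ties the renumbered macros to the length of the Hash table or checks HashAlg before it is used as an index, and HASHALG_RAW and HASHALG_MAX are both 0x00000004, the value the commit message says is outside the table. Renumbering makes SHA224 through SHA512 line up with entries 0 to 3, but a caller that passes HASHALG_RAW, or that tests "HashAlg <= HASHALG_MAX", can still read past the array. Please add an explicit range check at the indexing site (HashAlg < HASHALG_RAW, or a comparison against the table's element count) and a comment on HASHALG_RAW stating that it has no table entry. Note too that HASHALG_SHA224 is now 0x00000000, so a zero-initialized HashAlg silently selects SHA224 instead of being an invalid value.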