From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: "Chen, Chen A" <chen.a.chen@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [PATCH v2] SecurityPkg/SecureBootConfigDxe: Fix deleting signature data issue.
Date: Mon, 27 Nov 2017 02:12:17 +0000 [thread overview]
Message-ID: <FF72C7E4248F3C4E9BDF19D4918E90F249602621@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <20171127020251.1876-1-chen.a.chen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
-----Original Message-----
From: Chen, Chen A
Sent: Monday, November 27, 2017 10:03 AM
To: edk2-devel@lists.01.org
Cc: Chen, Chen A <chen.a.chen@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [PATCH v2] SecurityPkg/SecureBootConfigDxe: Fix deleting signature data issue.
Replace "(UINT8 *)NewVariableData" with (UINT8 *)NewVariableData + Offset"
to avoid the header of EFI_SIGNATURE_LIST being copied to the front of NewVariableData every time and update ListWalker when handling the current EFI_SIGNATURE_LIST finishes.
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
---
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index d035763106..e3066f77be 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
+++ nfigImpl.c
@@ -3145,6 +3145,9 @@ DeleteSignatureEx (
if (DelType == Delete_Signature_List_All) {
VariableDataSize = 0;
} else {
+ //
+ // Traverse to target EFI_SIGNATURE_LIST but others will be skipped.
+ //
while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex < PrivateData->ListIndex) {
CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, ListWalker->SignatureListSize);
Offset += ListWalker->SignatureListSize; @@ -3154,15 +3157,17 @@ DeleteSignatureEx (
ListIndex++;
}
- if (CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) || DelType == Delete_Signature_List_One) {
- RemainingSize -= ListWalker->SignatureListSize;
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
- } else {
+ //
+ // Handle the target EFI_SIGNATURE_LIST.
+ // If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One
+ // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST.
+ //
+ if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType ==
+ Delete_Signature_Data) {
NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset);
//
// Copy header.
//
- CopyMem ((UINT8 *)NewVariableData, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
+ CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof
+ (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize;
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); @@ -3181,10 +3186,11 @@ DeleteSignatureEx (
}
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);
}
-
- RemainingSize -= ListWalker->SignatureListSize;
}
+ RemainingSize -= ListWalker->SignatureListSize;
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker +
+ ListWalker->SignatureListSize);
+
//
// Copy remaining data, maybe 0.
//
--
2.13.2.windows.1
prev parent reply other threads:[~2017-11-27 2:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 2:02 [PATCH v2] SecurityPkg/SecureBootConfigDxe: Fix deleting signature data issue chenc2
2017-11-27 2:12 ` Zhang, Chao B [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=FF72C7E4248F3C4E9BDF19D4918E90F249602621@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox