From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 53B6E21A1099A for ; Sun, 26 Nov 2017 18:08:01 -0800 (PST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Nov 2017 18:12:22 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.44,462,1505804400"; d="scan'208";a="1248846009" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by fmsmga002.fm.intel.com with ESMTP; 26 Nov 2017 18:12:21 -0800 Received: from fmsmsx154.amr.corp.intel.com (10.18.116.70) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 26 Nov 2017 18:12:21 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX154.amr.corp.intel.com (10.18.116.70) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 26 Nov 2017 18:12:21 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.175]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.159]) with mapi id 14.03.0319.002; Mon, 27 Nov 2017 10:12:18 +0800 From: "Zhang, Chao B" To: "Chen, Chen A" , "edk2-devel@lists.01.org" Thread-Topic: [PATCH v2] SecurityPkg/SecureBootConfigDxe: Fix deleting signature data issue. Thread-Index: AQHTZyPqlUp6hB0QlEO9L9/m2C+z5KMne9jg Date: Mon, 27 Nov 2017 02:12:17 +0000 Message-ID: References: <20171127020251.1876-1-chen.a.chen@intel.com> In-Reply-To: <20171127020251.1876-1-chen.a.chen@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_IC x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOWZhYTk1YTctNTc1OC00OTBjLWIwZWMtZDM3YWY3YWY4NDU2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJHT1wvWG1SY3Q0dDRhaVd5c2lTcVkwQ2hyVUJvTWNqaXZwVlQ4MGxHV1lHVm12NmdLcUtcL0dOaEFVOUZCSFdMRjgifQ== dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v2] SecurityPkg/SecureBootConfigDxe: Fix deleting signature data issue. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Nov 2017 02:08:01 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Chao Zhang -----Original Message----- From: Chen, Chen A=20 Sent: Monday, November 27, 2017 10:03 AM To: edk2-devel@lists.01.org Cc: Chen, Chen A ; Zhang, Chao B Subject: [PATCH v2] SecurityPkg/SecureBootConfigDxe: Fix deleting signature= data issue. Replace "(UINT8 *)NewVariableData" with (UINT8 *)NewVariableData + Offset" to avoid the header of EFI_SIGNATURE_LIST being copied to the front of NewV= ariableData every time and update ListWalker when handling the current EFI_= SIGNATURE_LIST finishes. Cc: Zhang Chao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 --- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 20 +++++++++++++---= ---- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index d035763106..e3066f77be 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.c @@ -3145,6 +3145,9 @@ DeleteSignatureEx ( if (DelType =3D=3D Delete_Signature_List_All) { VariableDataSize =3D 0; } else { + // + // Traverse to target EFI_SIGNATURE_LIST but others will be skipped. + // while ((RemainingSize > 0) && (RemainingSize >=3D ListWalker->Signatur= eListSize) && ListIndex < PrivateData->ListIndex) { CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, ListWalker->= SignatureListSize); Offset +=3D ListWalker->SignatureListSize; @@ -3154,15 +3157,17 @@ D= eleteSignatureEx ( ListIndex++; } =20 - if (CheckedCount =3D=3D SIGNATURE_DATA_COUNTS (ListWalker) || DelType = =3D=3D Delete_Signature_List_One) { - RemainingSize -=3D ListWalker->SignatureListSize; - ListWalker =3D (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalk= er->SignatureListSize); - } else { + // + // Handle the target EFI_SIGNATURE_LIST. + // If CheckedCount =3D=3D SIGNATURE_DATA_COUNTS (ListWalker) or DelTy= pe =3D=3D Delete_Signature_List_One + // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this= EFI_SIGNATURE_LIST. + // + if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType =3D= =3D=20 + Delete_Signature_Data) { NewCertList =3D (EFI_SIGNATURE_LIST *)(NewVariableData + Offset); // // Copy header. // - CopyMem ((UINT8 *)NewVariableData, ListWalker, sizeof (EFI_SIGNATURE= _LIST) + ListWalker->SignatureHeaderSize); + CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof=20 + (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); Offset +=3D sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeade= rSize; =20 DataWalker =3D (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(E= FI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); @@ -3181,10 +3186,11= @@ DeleteSignatureEx ( } DataWalker =3D (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWa= lker->SignatureSize); } - - RemainingSize -=3D ListWalker->SignatureListSize; } =20 + RemainingSize -=3D ListWalker->SignatureListSize; + ListWalker =3D (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker +=20 + ListWalker->SignatureListSize); + // // Copy remaining data, maybe 0. // -- 2.13.2.windows.1