Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-22 12:54:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

efi_loader: time based authentication

Browse source 
When overwriting an existing time base authenticated variable we should
compare to the preceding time value and not to the start of the epoch.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
Heinrich Schuchardt 2020-07-01 15:32:47 +02:00
parent 33f183f68b
commit cb7116030a
1 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/efi_loader/efi_variable.c
View file

@ -35,7 +35,8 @@ static u8 efi_vendor_keys;
static efi_status_t efi_get_variable_common(u16 *variable_name, static efi_status_t efi_get_variable_common(u16 *variable_name,
const efi_guid_t *vendor, const efi_guid_t *vendor,
u32 *attributes, u32 *attributes,
efi_uintn_t *data_size, void *data); efi_uintn_t *data_size, void *data,
u64 *timep);
static efi_status_t efi_set_variable_common(u16 *variable_name, static efi_status_t efi_set_variable_common(u16 *variable_name,
const efi_guid_t *vendor, const efi_guid_t *vendor,
@ -309,7 +310,7 @@ static efi_status_t efi_init_secure_state(void)
size = 0; size = 0;
ret = efi_get_variable_common(L"PK", &efi_global_variable_guid, ret = efi_get_variable_common(L"PK", &efi_global_variable_guid,
NULL, &size, NULL); NULL, &size, NULL, NULL);
if (ret == EFI_BUFFER_TOO_SMALL) { if (ret == EFI_BUFFER_TOO_SMALL) {
if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT)) if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
mode = EFI_MODE_USER; mode = EFI_MODE_USER;
@ -601,7 +602,8 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
static efi_status_t efi_get_variable_common(u16 *variable_name, static efi_status_t efi_get_variable_common(u16 *variable_name,
const efi_guid_t *vendor, const efi_guid_t *vendor,
u32 *attributes, u32 *attributes,
efi_uintn_t *data_size, void *data) efi_uintn_t *data_size, void *data,
u64 *timep)
{ {
char *native_name; char *native_name;
efi_status_t ret; efi_status_t ret;
@ -626,6 +628,9 @@ static efi_status_t efi_get_variable_common(u16 *variable_name,
val = parse_attr(val, &attr, &time); val = parse_attr(val, &attr, &time);
if (timep)
*timep = time;
in_size = *data_size; in_size = *data_size;
if ((s = prefix(val, "(blob)"))) { if ((s = prefix(val, "(blob)"))) {
@ -709,7 +714,7 @@ efi_status_t EFIAPI efi_get_variable(u16 *variable_name,
data_size, data); data_size, data);
ret = efi_get_variable_common(variable_name, vendor, attributes, ret = efi_get_variable_common(variable_name, vendor, attributes,
data_size, data); data_size, data, NULL);
return EFI_EXIT(ret); return EFI_EXIT(ret);
} }
@ -905,7 +910,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
old_size = 0; old_size = 0;
attr = 0; attr = 0;
ret = efi_get_variable_common(variable_name, vendor, &attr, ret = efi_get_variable_common(variable_name, vendor, &attr,
&old_size, NULL); &old_size, NULL, &time);
append = !!(attributes & EFI_VARIABLE_APPEND_WRITE); append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE; attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
delete = !append && (!data_size || !attributes); delete = !append && (!data_size || !attributes);
@ -996,7 +1001,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
goto err; goto err;
} }
ret = efi_get_variable_common(variable_name, vendor, ret = efi_get_variable_common(variable_name, vendor,
&attr, &old_size, old_data); &attr, &old_size, old_data, NULL);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
} else { } else {