* [PATCH 1/1] efi_loader: time based authentication
@ 2020-07-01 18:11 Heinrich Schuchardt
From: Heinrich Schuchardt @ 2020-07-01 18:11 UTC (permalink / raw)
  To: u-boot

When overwriting an existing time-based authenticated variable we should
compare to the preceding time value and not to the start of the epoch.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index c262cb5972..974b710fec 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -35,7 +35,8 @@ static u8 efi_vendor_keys;
 static efi_status_t efi_get_variable_common(u16 *variable_name,
 					    const efi_guid_t *vendor,
 					    u32 *attributes,
-					    efi_uintn_t *data_size, void *data);
+					    efi_uintn_t *data_size, void *data,
+					    u64 *timep);

 static efi_status_t efi_set_variable_common(u16 *variable_name,
 					    const efi_guid_t *vendor,
@@ -308,7 +309,7 @@ static efi_status_t efi_init_secure_state(void)

 	size = 0;
 	ret = efi_get_variable_common(L"PK", &efi_global_variable_guid,
-				      NULL, &size, NULL);
+				      NULL, &size, NULL, NULL);
 	if (ret == EFI_BUFFER_TOO_SMALL) {
 		if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
 			mode = EFI_MODE_USER;
@@ -596,7 +597,8 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
 static efi_status_t efi_get_variable_common(u16 *variable_name,
 					    const efi_guid_t *vendor,
 					    u32 *attributes,
-					    efi_uintn_t *data_size, void *data)
+					    efi_uintn_t *data_size, void *data,
+					    u64 *timep)
 {
 	char *native_name;
 	efi_status_t ret;
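Review bot: The new `timep` parameter of `efi_get_variable_common()` has no description, and its contract is not obvious from the signature: it is optional (the other callers pass `NULL`) and receives the time value parsed from the stored variable. A line such as `@timep: if not NULL, receives the timestamp stored with the variable` in the function's comment would record that. Whether such a comment block exists is not visible here, since the hunk starts at the signature and the body continues past it. It is also worth stating what the caller gets for a variable that was stored without a timestamp, because that value feeds the authentication check.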
@@ -621,6 +623,9 @@ static efi_status_t efi_get_variable_common(u16 *variable_name,

 	val = parse_attr(val, &attr, &time);

+	if (timep)
+		*timep = time;
+
 	in_size = *data_size;

 	if ((s = prefix(val, "(blob)"))) {
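Review bot: `*timep` is written only once execution reaches this point after `parse_attr()`, so any earlier return from `efi_get_variable_common()` (presumably including the case where the variable does not exist yet) leaves the caller's value untouched. The call in `efi_set_variable_common()` that now passes `&time` therefore depends on `time` being initialised at its declaration, which is outside the visible hunks. If it is not, the timestamp comparison for a newly created authenticated variable would use an indeterminate value. Clearing the output up front, `if (timep) *timep = 0;` at the top of the function, would make the result independent of the caller. The function body starts and ends outside this hunk.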
@@ -704,7 +709,7 @@ efi_status_t EFIAPI efi_get_variable(u16 *variable_name,
 		  data_size, data);

 	ret = efi_get_variable_common(variable_name, vendor, attributes,
-				      data_size, data);
+				      data_size, data, NULL);
 	return EFI_EXIT(ret);
 }

@@ -900,7 +905,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
 	old_size = 0;
 	attr = 0;
 	ret = efi_get_variable_common(variable_name, vendor, &attr,
-				      &old_size, NULL);
+				      &old_size, NULL, &time);
 	append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
 	attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
 	delete = !append && (!data_size || !attributes);
@@ -991,7 +996,7 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
 			goto err;
 		}
 		ret = efi_get_variable_common(variable_name, vendor,
-					      &attr, &old_size, old_data);
+					      &attr, &old_size, old_data, NULL);
 		if (ret != EFI_SUCCESS)
 			goto err;
 	} else {
--
2.27.0
