From nobody Sat Nov 2 14:29:16 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zoho.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1487754097755551.1956195831149; Wed, 22 Feb 2017 01:01:37 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E353F8222A; Wed, 22 Feb 2017 01:01:35 -0800 (PST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 14AE682226 for ; Wed, 22 Feb 2017 01:01:34 -0800 (PST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Feb 2017 01:01:33 -0800 Received: from shwdeopenpsi116.ccr.corp.intel.com ([10.239.9.7]) by fmsmga002.fm.intel.com with ESMTP; 22 Feb 2017 01:01:32 -0800 X-Original-To: edk2-devel@lists.01.org X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,193,1484035200"; d="scan'208";a="1133266532" From: Zhang Lubo To: edk2-devel@lists.01.org Date: Wed, 22 Feb 2017 17:01:12 +0800 Message-Id: <1487754072-7252-1-git-send-email-lubo.zhang@intel.com> X-Mailer: git-send-email 1.9.5.msysgit.1 Subject: [edk2] [PATCH v2] SecurityPkg: Fix potential bug in Security Boot dxe. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Yao Jiewen , Chao Zhang , Long Qin MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo Cc: Chao Zhang Cc: Long Qin Cc: Yao Jiewen Reviewed-by: Zhang Chao --- .../SecureBootConfigDxe/SecureBootConfig.vfr | 10 +++++---= -- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++--= ---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secure= BootConfig.vfr index 02ddf4a..6f46d91 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= g.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= g.vfr @@ -457,17 +457,17 @@ formset =20 oneof name =3D SignatureFormatInDbx, varid =3D SECUREBOOT_CONFIGURATION.CertificateFormat, prompt =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), help =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256),= value =3D 0x2, flags =3D DEFAULT; - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384),= value =3D 0x3, flags =3D 0; - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512),= value =3D 0x4, flags =3D 0; - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), va= lue =3D 0x5, flags =3D 0; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256),= value =3D 0x1, flags =3D DEFAULT; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384),= value =3D 0x2, flags =3D 0; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512),= value =3D 0x3, flags =3D 0; + option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), va= lue =3D 0x4, flags =3D 0; endoneof; =20 - suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat =3D=3D 5; + suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat =3D=3D 4; checkbox varid =3D SECUREBOOT_CONFIGURATION.AlwaysRevocation, prompt =3D STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_P= ROMPT), help =3D STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_H= ELP), flags =3D INTERACTIVE, endcheckbox; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.h index bea9470..58030c4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.h @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 =20 // // Support hash types // -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_RAW 0x00000005 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 =20 =20 typedef struct { UINTN Signature; LIST_ENTRY Head; --=20 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel