Thanks , I will update the HASH value definition in VFR to keep them consistent with macro definition .
> -----Original Message----- > From: Zhang, Chao B > Sent: Wednesday, February 22, 2017 4:31 PM > To: Zhang, Lubo <lubo.zh...@intel.com>; edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen....@intel.com>; Long, Qin <qin.l...@intel.com> > Subject: RE: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot > dxe. > > Luboļ¼ > If you change HASH algo definition, please also update > SecureBootConfig.vfr > accordingly. > Or you may keep SHA1 algo definition & keep RAW & MAX unchanged > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Zhang > Lubo > Sent: Tuesday, February 21, 2017 10:53 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B > <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> > Subject: [edk2] [patch] SecurityPkg: Fix potential bug in Security Boot dxe. > > since we removed the sha-1 definition in Hash table and related macro, but the > macro definition HashAlg index may be value 4 which is exceed the range of the > Hash table array. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> > Cc: Chao Zhang <chao.b.zh...@intel.com> > Cc: Long Qin <qin.l...@intel.com> > Cc: Yao Jiewen <jiewen....@intel.com> > --- > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 > ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > mpl.h > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > mpl.h > index bea9470..58030c4 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigI > mpl.h > +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigImpl.h > @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; > #define WIN_CERT_UEFI_RSA2048_SIZE 256 > > // > // Support hash types > // > -#define HASHALG_SHA224 0x00000001 > -#define HASHALG_SHA256 0x00000002 > -#define HASHALG_SHA384 0x00000003 > -#define HASHALG_SHA512 0x00000004 > -#define HASHALG_RAW 0x00000005 > -#define HASHALG_MAX 0x00000005 > +#define HASHALG_SHA224 0x00000000 > +#define HASHALG_SHA256 0x00000001 > +#define HASHALG_SHA384 0x00000002 > +#define HASHALG_SHA512 0x00000003 > +#define HASHALG_RAW 0x00000004 > +#define HASHALG_MAX 0x00000004 > > > typedef struct { > UINTN Signature; > LIST_ENTRY Head; > -- > 1.9.5.msysgit.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel