v2: update hash value in SecureBootConfig.vfr to keep
them consistent with macro definition in SecureBootConfigImpl.h
since we removed the sha-1 definition in Hash table
and related macro, but the macro definition HashAlg index
may be value 4 which is exceed the range of the Hash
table array.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zh...@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Cc: Long Qin <qin.l...@intel.com>
Cc: Yao Jiewen <jiewen....@intel.com>
---
.../SecureBootConfigDxe/SecureBootConfig.vfr | 10 +++++-----
.../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index 02ddf4a..6f46d91 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -457,17 +457,17 @@ formset
oneof name = SignatureFormatInDbx,
varid = SECUREBOOT_CONFIGURATION.CertificateFormat,
prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT),
help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP),
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value
= 0x2, flags = DEFAULT;
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value
= 0x3, flags = 0;
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value
= 0x4, flags = 0;
- option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value =
0x5, flags = 0;
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value
= 0x1, flags = DEFAULT;
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value
= 0x2, flags = 0;
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value
= 0x3, flags = 0;
+ option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value =
0x4, flags = 0;
endoneof;
- suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5;
+ suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4;
checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation,
prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT),
help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP),
flags = INTERACTIVE,
endcheckbox;
diff --git
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index bea9470..58030c4 100644
---
a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++
b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
#define WIN_CERT_UEFI_RSA2048_SIZE 256
//
// Support hash types
//
-#define HASHALG_SHA224 0x00000001
-#define HASHALG_SHA256 0x00000002
-#define HASHALG_SHA384 0x00000003
-#define HASHALG_SHA512 0x00000004
-#define HASHALG_RAW 0x00000005
-#define HASHALG_MAX 0x00000005
+#define HASHALG_SHA224 0x00000000
+#define HASHALG_SHA256 0x00000001
+#define HASHALG_SHA384 0x00000002
+#define HASHALG_SHA512 0x00000003
+#define HASHALG_RAW 0x00000004
+#define HASHALG_MAX 0x00000004
typedef struct {
UINTN Signature;
LIST_ENTRY Head;
--
1.9.5.msysgit.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
