v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h
since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zh...@intel.com> Cc: Chao Zhang <chao.b.zh...@intel.com> Cc: Long Qin <qin.l...@intel.com> Cc: Yao Jiewen <jiewen....@intel.com> --- .../SecureBootConfigDxe/SecureBootConfig.vfr | 10 +++++----- .../SecureBootConfigDxe/SecureBootConfigImpl.h | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 02ddf4a..6f46d91 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -457,17 +457,17 @@ formset oneof name = SignatureFormatInDbx, varid = SECUREBOOT_CONFIGURATION.CertificateFormat, prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), - option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x2, flags = DEFAULT; - option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x3, flags = 0; - option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x4, flags = 0; - option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x5, flags = 0; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0; endoneof; - suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 5; + suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4; checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation, prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT), help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP), flags = INTERACTIVE, endcheckbox; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h index bea9470..58030c4 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h @@ -89,16 +89,16 @@ extern EFI_IFR_GUID_LABEL *mEndLabel; #define WIN_CERT_UEFI_RSA2048_SIZE 256 // // Support hash types // -#define HASHALG_SHA224 0x00000001 -#define HASHALG_SHA256 0x00000002 -#define HASHALG_SHA384 0x00000003 -#define HASHALG_SHA512 0x00000004 -#define HASHALG_RAW 0x00000005 -#define HASHALG_MAX 0x00000005 +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 typedef struct { UINTN Signature; LIST_ENTRY Head; -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel