
[v3,3/3] secvar/edk2: store timestamp variable in protected storage

Message ID 20211104170306.943059-4-erichte@linux.ibm.com
State Accepted
Series Secvar adjustments and fixes

Commit Message

Eric Richter Nov. 4, 2021, 5:03 p.m. UTC

Each signed variable update contains a timestamp -- this timestamp is checked
against the previous timestamp seen for that particular variable (if any), and
the update is rejected if the timestamp is not a later time than the previous.

This timestamp check is intended to prevent re-use of signed update files.
Currently, the code stores the timestamps in the TS variable, which is then
stored in regular variable storage (typically PNOR). This patch promotes the
variable to "protected storage" (typically TPM NV), to avoid this variable
being accidentally cleared.

This change should only come into effect when either:
 - initializing secvar for the first time (i.e. first boot, or
    after a key-clear-request)
 - processing any variable update

Systems that already have a TS variable in PNOR will not be affected until
either of the above actions is taken.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Tested-by: Nick Child <nick.child@ibm.com>
Reviewed-by: Daniel Axtens <dja@axtens.net>
---
 libstb/secvar/backend/edk2-compat-process.c | 4 +++-
 libstb/secvar/backend/edk2-compat.c         | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

Patch

diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index 770c3706..d69e066f 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -45,7 +45,9 @@  int update_variable_in_bank(struct secvar *update_var, const char *data,
 	else
 		var->flags |= SECVAR_FLAG_VOLATILE;
 
-	if (key_equals(update_var->key, "PK") || key_equals(update_var->key, "HWKH"))
+	if (key_equals(update_var->key, "PK")
+	    || key_equals(update_var->key, "HWKH")
+	    || key_equals(update_var->key, "TS"))
 		var->flags |= SECVAR_FLAG_PROTECTED;
 
 	return 0;
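Review bot: the list of keys that receive SECVAR_FLAG_PROTECTED is now duplicated between this condition and the pre-process path in edk2-compat.c, which sets the flag on the TS variable directly; a short comment here explaining why PK, HWKH and TS need protected storage (anti-rollback state, per the commit message, must survive a PNOR clear) and a single shared predicate such as `is_protected_key(update_var->key)` used from both places would keep the two lists from drifting apart when another variable is added.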
diff --git a/libstb/secvar/backend/edk2-compat.c b/libstb/secvar/backend/edk2-compat.c
index 9e61fbc6..d7975fa2 100644
--- a/libstb/secvar/backend/edk2-compat.c
+++ b/libstb/secvar/backend/edk2-compat.c
@@ -89,6 +89,7 @@  static int edk2_compat_pre_process(struct list_head *variable_bank,
 		memcpy(tsvar->key, "TS", 3);
 		tsvar->key_len = 3;
 		tsvar->data_size = sizeof(struct efi_time) * 4;
+		tsvar->flags = SECVAR_FLAG_PROTECTED;
 		memset(tsvar->data, 0, tsvar->data_size);
 		list_add_tail(variable_bank, &tsvar->link);
 	}
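Review bot: `tsvar->flags = SECVAR_FLAG_PROTECTED;` is a plain assignment, while the update path in edk2-compat-process.c uses `var->flags |= SECVAR_FLAG_PROTECTED;`; if any flag is already set on tsvar before this line it is silently discarded here, so `tsvar->flags |= SECVAR_FLAG_PROTECTED;` would be consistent with the other hunk and safe if defaults are ever added to the allocation. It would also be worth a comment noting that a TS variable already present in PNOR is not migrated by this path, as the commit message states, so the protected copy only starts at the next first-time init or variable update.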