bfb1a45eec
This commit adds the ability to skip the setting the Dbx variable if
the Default being provided is less than the size of the
EFI_SIGNATURE_LIST structure. This is to prevent the
setting of an invalid DBX which would cause the system to fail to boot.
Additionally, this can be used to signal that setting the DBX
should leave DBX undefined for Platforms that want to let the OS
be the sole servicer of the DBX.
Breakdown of the math is as follows:
1. **`sizeof(EFI_SIGNATURE_LIST)`**:
- This is the size of the `EFI_SIGNATURE_LIST` structure itself,
which includes:
- `EFI_GUID SignatureType` (16 bytes)
- `UINT32 SignatureListSize` (4 bytes)
- `UINT32 SignatureHeaderSize` (4 bytes)
- `UINT32 SignatureSize` (4 bytes)
- Total: `16 + 4 + 4 + 4 = 28 bytes`
2. **`SignatureHeaderSize`**:
- This is the size of the optional signature header. If no header is
provided, this value is `0`.
3. **`SignatureSize`**:
- This is the size of each `EFI_SIGNATURE_DATA` entry. For an empty
list, this value is `0`.
The total size of an empty `EFI_SIGNATURE_LIST` is:
```c
sizeof(EFI_SIGNATURE_LIST) + SignatureHeaderSize
```
1. **No Signature Header**:
- If `SignatureHeaderSize = 0`, the size is:
```c
28 + 0 = 28 bytes
```
2. **With a Signature Header**:
- If `SignatureHeaderSize = 16` (example size for a header), the
size is:
```c
28 + 16 = 44 bytes
```
- **Minimum Size**: `28 bytes` (if `SignatureHeaderSize = 0`).
- **Additional Size**: Add the value of `SignatureHeaderSize` if a
header is included.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
28 KiB
28 KiB