1 files changed, 41 insertions, 3 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 64ce968..1ba934b 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -15,7 +15,7 @@
   They will do basic validation for authentication data structure, then call crypto library
   to verify the signature.
 
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -437,6 +437,8 @@ AddPubKeyInStore (
   UINT32                  Index;
   VARIABLE_POINTER_TRACK  Variable;
   UINT8                   *Ptr;
+  UINT8                   *Data;
+  UINTN                   DataSize;
 
   if (PubKey == NULL) {
     return 0;
@@ -468,9 +470,45 @@ AddPubKeyInStore (
     //
     if (mPubKeyNumber == MAX_KEY_NUM) {
       //
-      // Notes: Database is full, need enhancement here, currently just return 0.
+      // Public key dadatase is full, try to reclaim invalid key.
       //
-      return 0;
+      if (AtRuntime ()) {
+        //
+        // NV storage can't reclaim at runtime.
+        //
+        return 0;
+      }
+      
+      Status = Reclaim (
+                 mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
+                 &mVariableModuleGlobal->NonVolatileLastVariableOffset,
+                 FALSE,
+                 NULL,
+                 TRUE,
+                 TRUE
+                 );
+      if (EFI_ERROR (Status)) {
+        return 0;
+      }
+
+      Status = FindVariable (
+                 AUTHVAR_KEYDB_NAME,
+                 &gEfiAuthenticatedVariableGuid,
+                 &Variable,
+                 &mVariableModuleGlobal->VariableGlobal,
+                 FALSE
+                 );
+      ASSERT_EFI_ERROR (Status);
+
+      DataSize  = DataSizeOfVariable (Variable.CurrPtr);
+      Data      = GetVariableDataPtr (Variable.CurrPtr);
+      ASSERT ((DataSize != 0) && (Data != NULL));
+      CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
+      mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
+
+      if (mPubKeyNumber == MAX_KEY_NUM) {
+        return 0;
+      }     
     }
 
     CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);