diff options
| author | Gerd Hoffmann <kraxel@redhat.com> | 2023-05-05 07:17:25 +0200 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-05-10 13:39:41 +0000 |
| commit | 63887e272d124f53828664e3c312741b63e7a100 (patch) | |
| tree | 7cf54dc8793ef449e00a157423379ef36e07378f | |
| parent | 41d7832db02d082405ccc1edf38208b7a5cb8d87 (diff) | |
| download | edk2-63887e272d124f53828664e3c312741b63e7a100.tar.gz edk2-63887e272d124f53828664e3c312741b63e7a100.tar.bz2 edk2-63887e272d124f53828664e3c312741b63e7a100.zip | |
OvmfPkg/NvVarsFileLib: disable in case PcdBootRestrictToFirmware is set
In case PcdBootRestrictToFirmware is set, disable loading EFI variables
from NvVars file.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
| -rw-r--r-- | OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c | 4 | ||||
| -rw-r--r-- | OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c index d4139b9115..86380a867a 100644 --- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c +++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c @@ -30,7 +30,9 @@ ConnectNvVarsToFileSystem ( {
EFI_STATUS Status;
- if (FeaturePcdGet (PcdSecureBootSupported)) {
+ if (FeaturePcdGet (PcdSecureBootSupported) ||
+ FeaturePcdGet (PcdBootRestrictToFirmware))
+ {
return EFI_UNSUPPORTED;
}
diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf index f152c55046..9ae40ffe43 100644 --- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf +++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf @@ -49,6 +49,7 @@ [Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
+ gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
[Guids]
gEfiFileInfoGuid
|