author | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-04-13 15:27:04 +0800 |
---|---|---|
committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2016-04-19 11:05:09 +0800 |
commit | 126f3b1de02c71fde8e28abc35a46ac5f135b527 (patch) | |
tree | 4e3d11592c4c7acb2d2038aafd57c8fe6f3b08d4 /SecurityPkg/Library/AuthVariableLib | |
parent | 77177984087654ff2888e182d40c20480da29811 (diff) | |
SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue
Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens.
Commit hash for the reverted patch in AuthVariable driver is
SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Diffstat (limited to 'SecurityPkg/Library/AuthVariableLib')
-rw-r--r-- | SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index f11b86827a..4649e50e5e 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -441,19 +441,7 @@ InitSecureBootVariables ( SecureBootEnable = SECURE_BOOT_DISABLE;
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR(Status)) {
- if (!IsPkPresent) {
- //
- // PK is cleared in runtime. "SecureBootMode" is not updated before reboot
- // Delete "SecureBootMode"
- //
- Status = AuthServiceInternalUpdateVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- &SecureBootEnable,
- 0,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
- } else {
+ if (IsPkPresent) {
SecureBootEnable = *Data;
}
} else if ((SecureBootMode == SecureBootModeTypeUserMode) || (SecureBootMode == SecureBootModeTypeDeployedMode)) {
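Review bot: The new `if (IsPkPresent) {` branch carries no comment for the case where the SecureBootEnable variable is found but PK is absent, and the removed block's comment was the only place that documented the PK-cleared-at-runtime scenario. After this change the stored variable is no longer deleted in that case and the local `SecureBootEnable` simply keeps the `SECURE_BOOT_DISABLE` default assigned just above the lookup, so the stored value and the PK state can disagree across boots. Please add a short comment at this branch saying the stored value is deliberately ignored when PK is missing and that the inconsistency is handled in SecureBootConfigDxe, as the commit message describes, so a later reader does not reintroduce the delete. It is also worth confirming that every other consumer of the stored variable checks PK presence before trusting its value.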