summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Library/AuthVariableLib
diff options
context:
space:
mode:
authorZhang, Chao B <chao.b.zhang@intel.com>2016-04-13 15:27:04 +0800
committerZhang, Chao B <chao.b.zhang@intel.com>2016-04-19 11:05:09 +0800
commit126f3b1de02c71fde8e28abc35a46ac5f135b527 (patch)
tree4e3d11592c4c7acb2d2038aafd57c8fe6f3b08d4 /SecurityPkg/Library/AuthVariableLib
parent77177984087654ff2888e182d40c20480da29811 (diff)
downloadedk2-126f3b1de02c71fde8e28abc35a46ac5f135b527.tar.gz
edk2-126f3b1de02c71fde8e28abc35a46ac5f135b527.tar.bz2
edk2-126f3b1de02c71fde8e28abc35a46ac5f135b527.zip
SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue
Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens. Commit hash for the reverted patch in AuthVariable driver is SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Diffstat (limited to 'SecurityPkg/Library/AuthVariableLib')
-rw-r--r--SecurityPkg/Library/AuthVariableLib/AuthService.c14
1 files changed, 1 insertions, 13 deletions
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index f11b86827a..4649e50e5e 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -441,19 +441,7 @@ InitSecureBootVariables (
SecureBootEnable = SECURE_BOOT_DISABLE;
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR(Status)) {
- if (!IsPkPresent) {
- //
- // PK is cleared in runtime. "SecureBootMode" is not updated before reboot
- // Delete "SecureBootMode"
- //
- Status = AuthServiceInternalUpdateVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- &SecureBootEnable,
- 0,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
- } else {
+ if (IsPkPresent) {
SecureBootEnable = *Data;
}
} else if ((SecureBootMode == SecureBootModeTypeUserMode) || (SecureBootMode == SecureBootModeTypeDeployedMode)) {