SecurityPkg Variable: Prevent BS variable update in legacy OS runtime.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17468 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 12 insertions, 0 deletions

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
index be5c935a88..e87e12fc99 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
@@ -1019,6 +1019,7 @@ VariableSmmRuntimeInitialize (
   VOID                                      *SmmVariableWriteRegistration;

   EFI_EVENT                                 OnReadyToBootEvent;

   EFI_EVENT                                 ExitBootServiceEvent;

+  EFI_EVENT                                 LegacyBootEvent;

 

   EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY);

 

@@ -1087,6 +1088,17 @@ VariableSmmRuntimeInitialize (
          ); 

 

   //

+  // Register the event to inform SMM variable that it is at runtime for legacy boot.

+  // Reuse OnExitBootServices() here.

+  //

+  EfiCreateEventLegacyBootEx(

+    TPL_NOTIFY,

+    OnExitBootServices,

+    NULL,

+    &LegacyBootEvent

+    );

+

+  //

   // Register the event to convert the pointer for runtime.

   //

   gBS->CreateEventEx (