diff options
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index 7a42d971e0..83d69899f7 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -58,7 +58,10 @@ BOOLEAN mEndOfDxe = FALSE; ///
BOOLEAN mEnableLocking = TRUE;
-/**
+//
+// It will record the current boot error flag before EndOfDxe.
+//
+VAR_ERROR_FLAG mCurrentBootVarErrFlag = VAR_ERROR_FLAG_NO_ERROR;
SecureBoot Hook for auth variable update.
@@ -579,6 +582,17 @@ RecordVarErrorFlag ( }
);
+ if (!mEndOfDxe) {
+ //
+ // Before EndOfDxe, just record the current boot variable error flag to local variable,
+ // and leave the variable error flag in NV flash as the last boot variable error flag.
+ // After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
+ // will be initialized to this local current boot variable error flag.
+ //
+ mCurrentBootVarErrFlag &= Flag;
+ return;
+ }
+
//
// Record error flag (it should have be initialized).
//
@@ -637,7 +651,7 @@ InitializeVarErrorFlag ( return;
}
- Flag = VAR_ERROR_FLAG_NO_ERROR;
+ Flag = mCurrentBootVarErrFlag;
DEBUG ((EFI_D_INFO, "Initialize variable error flag (%02x)\n", Flag));
Status = FindVariable (
|