diff options
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r-- | SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index e840316368..c8f4d977d9 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -3167,20 +3167,6 @@ SecureBootExtractConfigFromVariable ( ConfigData->RevocationTime.Minute = CurrTime.Minute;
ConfigData->RevocationTime.Second = 0;
- //
- // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
- // Checkbox.
- //
- ConfigData->AttemptSecureBoot = FALSE;
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
- if (SecureBootEnable == NULL) {
- ConfigData->HideSecureBoot = TRUE;
- } else {
- ConfigData->HideSecureBoot = FALSE;
- if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {
- ConfigData->AttemptSecureBoot = TRUE;
- }
- }
//
// If it is Physical Presence User, set the PhysicalPresent to true.
@@ -3215,6 +3201,26 @@ SecureBootExtractConfigFromVariable ( ConfigData->HasPk = TRUE;
}
+ //
+ // Check SecureBootEnable & Pk status, fix the inconsistence.
+ // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
+ // Checkbox.
+ //
+ ConfigData->AttemptSecureBoot = FALSE;
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+
+ //
+ // Fix Pk, SecureBootEnable inconsistence
+ //
+ if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {
+ ConfigData->HideSecureBoot = FALSE;
+ if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {
+ ConfigData->AttemptSecureBoot = TRUE;
+ }
+ } else {
+ ConfigData->HideSecureBoot = TRUE;
+ }
+
if (SecureBootEnable != NULL) {
FreePool (SecureBootEnable);
}
@@ -3363,7 +3369,6 @@ SecureBootRouteConfig ( OUT EFI_STRING *Progress
)
{
- UINT8 *SecureBootEnable;
SECUREBOOT_CONFIGURATION IfrNvData;
UINTN BufferSize;
EFI_STATUS Status;
@@ -3400,10 +3405,7 @@ SecureBootRouteConfig ( //
// Store Buffer Storage back to EFI variable if needed
//
- SecureBootEnable = NULL;
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
- if (NULL != SecureBootEnable) {
- FreePool (SecureBootEnable);
+ if (!IfrNvData.HideSecureBoot) {
Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);
if (EFI_ERROR (Status)) {
return Status;
@@ -3454,6 +3456,7 @@ SecureBootCallback ( SECUREBOOT_CONFIGURATION *IfrNvData;
UINT16 LabelId;
UINT8 *SecureBootEnable;
+ UINT8 *Pk;
UINT8 *SecureBootMode;
CHAR16 PromptString[100];
UINT8 CurSecureBootMode;
@@ -3926,11 +3929,11 @@ SecureBootCallback ( }
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {
if (QuestionId == KEY_HIDE_SECURE_BOOT) {
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
- if (SecureBootEnable == NULL) {
+ GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL);
+ if (Pk == NULL) {
IfrNvData->HideSecureBoot = TRUE;
} else {
- FreePool (SecureBootEnable);
+ FreePool (Pk);
IfrNvData->HideSecureBoot = FALSE;
}
Value->b = IfrNvData->HideSecureBoot;
|