From 126f3b1de02c71fde8e28abc35a46ac5f135b527 Mon Sep 17 00:00:00 2001 From: "Zhang, Chao B" Date: Wed, 13 Apr 2016 15:27:04 +0800 Subject: SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens. Commit hash for the reverted patch in AuthVariable driver is SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Fu Siyuan
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'SecurityPkg/Library/AuthVariableLib/AuthService.c')
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index f11b86827a..4649e50e5e 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -441,19 +441,7 @@ InitSecureBootVariables (
 SecureBootEnable = SECURE_BOOT_DISABLE;
 Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
 if (!EFI_ERROR(Status)) {
- if (!IsPkPresent) {
- //
- // PK is cleared in runtime. "SecureBootMode" is not updated before reboot
- // Delete "SecureBootMode"
- //
- Status = AuthServiceInternalUpdateVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- &SecureBootEnable,
- 0,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
- } else {
+ if (IsPkPresent) {
 SecureBootEnable = *Data;
 }
 } else if ((SecureBootMode == SecureBootModeTypeUserMode) || (SecureBootMode == SecureBootModeTypeDeployedMode)) {
-- cgit v1.2.3
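Review bot: The new `if (IsPkPresent)` guard has no else branch and no comment, so the no-PK case is silent: when the SecureBootEnable variable is found but no PK is enrolled, the stored value is ignored, the local stays `SECURE_BOOT_DISABLE`, and the stale variable is left in non-volatile storage. The commit message says this inconsistency is now tolerated here and dealt with in SecureBootConfigDxe, which deserves a comment above the guard, e.g. `// PK absent: ignore the stored SecureBootEnable and keep SECURE_BOOT_DISABLE; the variable is intentionally not deleted here (see SecureBootConfigDxe).` Separately, `SecureBootEnable = *Data;` dereferences the stored variable without consulting `DataSize`; if nothing outside this hunk validates size and value, a guard such as `if (IsPkPresent && DataSize == sizeof (UINT8))` would keep a malformed variable from influencing the Secure Boot state. InitSecureBootVariables starts and ends outside the hunk, so later validation cannot be ruled out from here.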