1. Remove extra attribute for SetupMode, SignatureSupport and SecureBoot variable.

2. Allow the PK owner to update db/dbx variable directly.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13536 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
2012-07-17 08:38:58 +00:00
parent 876ac39540
commit 05a643f91d
2 changed files with 78 additions and 73 deletions

View File

@@ -1955,6 +1955,33 @@ IsHwErrRecVariable (
return TRUE;
}
/**
This code checks if variable should be treated as read-only variable.
@param[in] VariableName Name of the Variable.
@param[in] VendorGuid GUID of the Variable.
@retval TRUE This variable is read-only variable.
@retval FALSE This variable is NOT read-only variable.
**/
BOOLEAN
IsReadOnlyVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) {
if ((StrCmp (VariableName, EFI_SETUP_MODE_NAME) == 0) ||
(StrCmp (VariableName, EFI_SIGNATURE_SUPPORT_NAME) == 0) ||
(StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0)) {
return TRUE;
}
}
return FALSE;
}
/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
@@ -2232,6 +2259,10 @@ VariableServiceSetVariable (
return EFI_INVALID_PARAMETER;
}
if (IsReadOnlyVariable (VariableName, VendorGuid)) {
return EFI_WRITE_PROTECTED;
}
if (DataSize != 0 && Data == NULL) {
return EFI_INVALID_PARAMETER;
}
@@ -2349,7 +2380,10 @@ VariableServiceSetVariable (
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);
} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);
}
} else {
Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);
}