Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute incorrectly.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-17 08:05:01 +00:00
parent 7953f6832f
commit 0ba17ade47
3 changed files with 2 additions and 65 deletions
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1347,53 +1347,6 @@ Done:
  return Status;
 }

-/**
-  When VariableWriteArchProtocol install, create "SecureBoot" variable.
-
-  @param[in] Event    Event whose notification function is being invoked.
-  @param[in] Context  Pointer to the notification function's context.
-
-**/
-VOID
-EFIAPI
-VariableWriteCallBack (
-  IN  EFI_EVENT                           Event,
-  IN  VOID                                *Context
-  )
-{
-  UINT8                       SecureBootMode;
-  UINT8                       *SecureBootModePtr;
-  EFI_STATUS                  Status;
-  VOID                        *ProtocolPointer;
-
-  Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);
-  if (EFI_ERROR (Status)) {
-    return;
-  }
-
-  //
-  // Check whether "SecureBoot" variable exists.
-  // If this library is built-in, it means firmware has capability to perform
-  // driver signing verification.
-  //
-  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);
-  if (SecureBootModePtr == NULL) {
-    SecureBootMode   = SECURE_BOOT_MODE_DISABLE;
-    //
-    // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
-    //
-    gRT->SetVariable (
-           EFI_SECURE_BOOT_MODE_NAME,
-           &gEfiGlobalVariableGuid,
-           EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
-           sizeof (UINT8),
-           &SecureBootMode
-           );
-  } else {
-    FreePool (SecureBootModePtr);
-  }
-}
-
 /**
  Register security measurement handler.

@@ -1409,19 +1362,6 @@ DxeImageVerificationLibConstructor (
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
 {
-  VOID                *Registration;
-
-  //
-  // Register callback function upon VariableWriteArchProtocol.
-  //
-  EfiCreateProtocolNotifyEvent (
-    &gEfiVariableWriteArchProtocolGuid,
-    TPL_CALLBACK,
-    VariableWriteCallBack,
-    NULL,
-    &Registration
-    );
-
  return RegisterSecurity2Handler (
          DxeImageVerificationHandler,
          EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED