sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue

Browse Source 
Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens.
Commit hash for the reverted patch in AuthVariable driver is
SHA-1: a6811666b0

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
This commit is contained in:
Zhang, Chao B
2016-04-13 15:27:04 +08:00
parent 7717798408
commit 126f3b1de0
2 changed files with 26 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
SecurityPkg/Library/AuthVariableLib/AuthService.c
View File

@@ -441,19 +441,7 @@ InitSecureBootVariables (
SecureBootEnable = SECURE_BOOT_DISABLE;
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR(Status)) {
if (!IsPkPresent) {
//
// PK is cleared in runtime. "SecureBootMode" is not updated before reboot
// Delete "SecureBootMode"
//
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
&SecureBootEnable,
0,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
);
} else {
if (IsPkPresent) {
SecureBootEnable = *Data;
}
} else if ((SecureBootMode == SecureBootModeTypeUserMode) || (SecureBootMode == SecureBootModeTypeDeployedMode)) {