SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue
Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens.
Commit hash for the reverted patch in AuthVariable driver is
SHA-1: a6811666b0
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
This commit is contained in:
@@ -441,19 +441,7 @@ InitSecureBootVariables (
|
||||
SecureBootEnable = SECURE_BOOT_DISABLE;
|
||||
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
|
||||
if (!EFI_ERROR(Status)) {
|
||||
if (!IsPkPresent) {
|
||||
//
|
||||
// PK is cleared in runtime. "SecureBootMode" is not updated before reboot
|
||||
// Delete "SecureBootMode"
|
||||
//
|
||||
Status = AuthServiceInternalUpdateVariable (
|
||||
EFI_SECURE_BOOT_ENABLE_NAME,
|
||||
&gEfiSecureBootEnableDisableGuid,
|
||||
&SecureBootEnable,
|
||||
0,
|
||||
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
|
||||
);
|
||||
} else {
|
||||
if (IsPkPresent) {
|
||||
SecureBootEnable = *Data;
|
||||
}
|
||||
} else if ((SecureBootMode == SecureBootModeTypeUserMode) || (SecureBootMode == SecureBootModeTypeDeployedMode)) {
|
||||
|
Reference in New Issue
Block a user