OvmfPkg/NvVarsFileLib: disable in case PcdBootRestrictToFirmware is set
In case PcdBootRestrictToFirmware is set, disable loading EFI variables from NvVars file. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
Gerd Hoffmann
committed by
mergify[bot]
mergify[bot]
parent
41d7832db0
commit
63887e272d
@@ -30,7 +30,9 @@ ConnectNvVarsToFileSystem (
|
|||||||
{
|
{
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
|
||||||
if (FeaturePcdGet (PcdSecureBootSupported)) {
|
if (FeaturePcdGet (PcdSecureBootSupported) ||
|
||||||
|
FeaturePcdGet (PcdBootRestrictToFirmware))
|
||||||
|
{
|
||||||
return EFI_UNSUPPORTED;
|
return EFI_UNSUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -49,6 +49,7 @@
|
|||||||
|
|
||||||
[Pcd]
|
[Pcd]
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
|
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
|
||||||
|
|
||||||
[Guids]
|
[Guids]
|
||||||
gEfiFileInfoGuid
|
gEfiFileInfoGuid
|
||||||
|
|||||||
Reference in New Issue
Block a user