sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecureBootConfig: Update variable and perform reset

Browse Source 
Update the `SecureBootEnable` variable and perform a platform reset when
the enable/disable button is pressed.

Signed-off-by: Tim Crawford <tcrawford@system76.com>
This commit is contained in:
Tim Crawford
2023-01-27 14:57:19 -07:00
committed by Jeremy Soller
parent 8cfead2839
commit 860c29c923
1 changed files with 12 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -4414,27 +4414,14 @@ SecureBootCallback (
if (Action == EFI_BROWSER_ACTION_CHANGING) { if (Action == EFI_BROWSER_ACTION_CHANGING) {
switch (QuestionId) { switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE: //case KEY_SECURE_BOOT_ENABLE:
case KEY_SECURE_BOOT_STATE_ENABLE:
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (NULL != SecureBootEnable) { Status = SaveSecureBootVariable(1);
FreePool (SecureBootEnable); break;
if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) { case KEY_SECURE_BOOT_STATE_DISABLE:
CreatePopUp ( GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, Status = SaveSecureBootVariable(0);
&Key,
L"Only Physical Presence User could disable secure boot!",
NULL
);
Status = EFI_UNSUPPORTED;
} else {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Configuration changed, please reset the platform to take effect!",
NULL
);
}
}
break; break;
case KEY_SECURE_BOOT_KEK_OPTION: case KEY_SECURE_BOOT_KEK_OPTION:
@ -4850,8 +4837,12 @@ SecureBootCallback (
} }
} else if (Action == EFI_BROWSER_ACTION_CHANGED) { } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (QuestionId) { switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE: //case KEY_SECURE_BOOT_ENABLE:
case KEY_SECURE_BOOT_STATE_ENABLE:
case KEY_SECURE_BOOT_STATE_DISABLE:
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
// XXX: Is this safe?
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
break; break;
case KEY_SECURE_BOOT_MODE: case KEY_SECURE_BOOT_MODE:
mIsEnterSecureBootForm = FALSE; mIsEnterSecureBootForm = FALSE;