sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecureBootConfig: Update variable and perform reset

Browse Source 
Update the `SecureBootEnable` variable and perform a platform reset when
the enable/disable button is pressed.

Signed-off-by: Tim Crawford <tcrawford@system76.com>
This commit is contained in:
Tim Crawford
2023-01-27 14:57:19 -07:00
committed by Jeremy Soller
parent 8cfead2839
commit 860c29c923
1 changed files with 12 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -4414,27 +4414,14 @@ SecureBootCallback (
if (Action == EFI_BROWSER_ACTION_CHANGING) {
switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE:
//case KEY_SECURE_BOOT_ENABLE:
case KEY_SECURE_BOOT_STATE_ENABLE:
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (NULL != SecureBootEnable) {
FreePool (SecureBootEnable);
if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Only Physical Presence User could disable secure boot!",
NULL
);
Status = EFI_UNSUPPORTED;
} else {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
L"Configuration changed, please reset the platform to take effect!",
NULL
);
}
}
Status = SaveSecureBootVariable(1);
break;
case KEY_SECURE_BOOT_STATE_DISABLE:
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
Status = SaveSecureBootVariable(0);
break;
case KEY_SECURE_BOOT_KEK_OPTION:
@ -4850,8 +4837,12 @@ SecureBootCallback (
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE:
//case KEY_SECURE_BOOT_ENABLE:
case KEY_SECURE_BOOT_STATE_ENABLE:
case KEY_SECURE_BOOT_STATE_DISABLE:
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
// XXX: Is this safe?
gRT->ResetSystem(EfiResetCold, Status, 0, NULL);
break;
case KEY_SECURE_BOOT_MODE:
mIsEnterSecureBootForm = FALSE;