sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1. Reset system when user changes secure boot state in secure boot configuration form.

Browse Source 
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5
2012-07-05 08:08:12 +00:00
parent b37aa2c645
commit 8f8ca22e59
6 changed files with 29 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -2069,27 +2069,25 @@ SecureBootExtractConfigFromVariable (
{
UINT8 *SecureBootEnable;
UINT8 *SetupMode;
UINT8 *SecureBoot;
UINT8 *SecureBootMode;
SecureBootEnable = NULL;
SetupMode = NULL;
SecureBoot = NULL;
SecureBootMode = NULL;
//
// Get the SecureBootEnable Variable
//
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
//
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
// Checkbox.
//
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (SecureBootEnable == NULL) {
ConfigData->HideSecureBoot = TRUE;
} else {
ConfigData->HideSecureBoot = FALSE;
ConfigData->SecureBootState = *SecureBootEnable;
}
//
// If it is Physical Presence User, set the PhysicalPresent to true.
//
@ -2103,11 +2101,21 @@ SecureBootExtractConfigFromVariable (
// If there is no PK then the Delete Pk button will be gray.
//
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
if (SetupMode == NULL || (*SetupMode) == 1) {
if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
ConfigData->HasPk = FALSE;
} else {
ConfigData->HasPk = TRUE;
}
//
// If the value of SecureBoot variable is 1, the platform is operating in secure boot mode.
//
GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
ConfigData->SecureBootState = TRUE;
} else {
ConfigData->SecureBootState = FALSE;
}
//
// Get the SecureBootMode from CustomMode variable.