sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: AuthVariableLib: Cache UserPhysicalPresent in AuthVariableLib

Browse Source 
AuthVariableLib is updated to cache the UserPhysicalPresent state to global variable. This avoids calling PlatformSecureLib during runtime and makes PhysicalPresent state consistent during one boot.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
This commit is contained in:
Zhang, Chao B
2016-06-27 11:10:07 +08:00
parent 6b5677e1bb
commit 90fa53213e
3 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
SecurityPkg/Library/AuthVariableLib/AuthService.c
View File

@@ -931,7 +931,7 @@ ProcessVarWithPk (
// Init state of Del. State may change due to secure check
//
Del = FALSE;
if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
if ((InCustomMode() && mUserPhysicalPresent) || (mPlatformMode == SETUP_MODE && !IsPk)) {
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
@@ -1049,7 +1049,7 @@ ProcessVarWithKek (
}
Status = EFI_SUCCESS;
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
if (mPlatformMode == USER_MODE && !(InCustomMode() && mUserPhysicalPresent)) {
//
// Time-based, verify against X509 Cert KEK.
//
@@ -1204,7 +1204,7 @@ ProcessVariable (
&OrgVariableInfo
);
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && mUserPhysicalPresent) {
//
// Allow the delete operation of common authenticated variable at user physical presence.
//
@@ -1222,7 +1222,7 @@ ProcessVariable (
return Status;
}
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !mUserPhysicalPresent) {
//
// This variable is protected, only physical present user could modify its value.
//