SecurityPkg: AuthVariableLib: Cache UserPhysicalPresent in AuthVariableLib
AuthVariableLib is updated to cache the UserPhysicalPresent state in a global variable. This avoids calling PlatformSecureLib at runtime and keeps the PhysicalPresent state consistent within one boot. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
@@ -931,7 +931,7 @@ ProcessVarWithPk (
|
||||
// Init state of Del. State may change due to secure check
|
||||
//
|
||||
Del = FALSE;
|
||||
if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
|
||||
if ((InCustomMode() && mUserPhysicalPresent) || (mPlatformMode == SETUP_MODE && !IsPk)) {
|
||||
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
|
||||
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
|
||||
if (PayloadSize == 0) {
|
||||
@@ -1049,7 +1049,7 @@ ProcessVarWithKek (
|
||||
}
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
|
||||
if (mPlatformMode == USER_MODE && !(InCustomMode() && mUserPhysicalPresent)) {
|
||||
//
|
||||
// Time-based, verify against X509 Cert KEK.
|
||||
//
|
||||
@@ -1204,7 +1204,7 @@ ProcessVariable (
|
||||
&OrgVariableInfo
|
||||
);
|
||||
|
||||
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
|
||||
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && mUserPhysicalPresent) {
|
||||
//
|
||||
// Allow the delete operation of common authenticated variable at user physical presence.
|
||||
//
|
||||
@@ -1222,7 +1222,7 @@ ProcessVariable (
|
||||
return Status;
|
||||
}
|
||||
|
||||
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
|
||||
if (NeedPhysicallyPresent (VariableName, VendorGuid) && !mUserPhysicalPresent) {
|
||||
//
|
||||
// This variable is protected, only physical present user could modify its value.
|
||||
//
|
||||
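Review bot: The four conditions that now read `mUserPhysicalPresent` (in ProcessVarWithPk, ProcessVarWithKek and twice in ProcessVariable) appear to gate the custom-mode verification skip and the deletion of authenticated variables on a value sampled once, yet nothing at these sites says so. Because the flag is no longer re-queried, a presence assertion captured at initialization would stay in effect for every later call until reset, including calls made at OS runtime; that matches the stated intent, but it deserves a comment at the delete path in ProcessVariable, such as `// mUserPhysicalPresent is a boot-time snapshot; it is not re-sampled at runtime.` The declaration and assignment of `mUserPhysicalPresent` are outside these hunks, so confirm it defaults to FALSE and is set before the first call that reaches ProcessVariable. All of the enclosing functions start and end outside the hunks shown.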
|