sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file.

Browse Source 
2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION).
3. Update override PCD setting from 5 to 4 in platform DSC file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Fu Siyuan
2013-08-28 09:06:40 +00:00
committed by sfu5
parent 98fed08f9f
commit db44ea6c4e
6 changed files with 26 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -1086,6 +1086,14 @@ DxeImageVerificationHandler (
return EFI_ACCESS_DENIED;
}
//
// The policy QUERY_USER_ON_SECURITY_VIOLATION violates the UEFI spec and has been removed.
//
ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION);
if (Policy == QUERY_USER_ON_SECURITY_VIOLATION) {
CpuDeadLoop ();
}
GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
//
// Skip verification if SecureBoot variable doesn't exist.