dd0b33e3e5
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among others support, while __func__ was standardized in C99. Since it's more standard, replace __FUNCTION__ with __func__ throughout SecurityPkg. Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
52 lines
1.6 KiB
C
52 lines
1.6 KiB
C
/** @file
|
|
Provides an abstracted interface for configuring PK related variable protection.
|
|
|
|
Copyright (c) Microsoft Corporation.
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
#include <Uefi.h>
|
|
#include <Protocol/VariablePolicy.h>
|
|
|
|
#include <Library/DebugLib.h>
|
|
#include <Library/UefiBootServicesTableLib.h>
|
|
|
|
/**
|
|
Disable any applicable protection against variable 'PK'. The implementation
|
|
of this interface is platform specific, depending on the protection techniques
|
|
used per platform.
|
|
|
|
Note: It is the platform's responsibility to conduct cautious operation after
|
|
disabling this protection.
|
|
|
|
@retval EFI_SUCCESS State has been successfully updated.
|
|
@retval Others Error returned from implementation specific
|
|
underying APIs.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
DisablePKProtection (
|
|
VOID
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
|
|
|
|
DEBUG ((DEBUG_INFO, "%a() Entry...\n", __func__));
|
|
|
|
// IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled.
|
|
// The system *MUST* be reset after performing this operation.
|
|
Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);
|
|
if (!EFI_ERROR (Status)) {
|
|
Status = VariablePolicy->DisableVariablePolicy ();
|
|
// EFI_ALREADY_STARTED means that everything is currently disabled.
|
|
// This should be considered SUCCESS.
|
|
if (Status == EFI_ALREADY_STARTED) {
|
|
Status = EFI_SUCCESS;
|
|
}
|
|
}
|
|
|
|
return Status;
|
|
}
|