summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStar Zeng <star.zeng@intel.com>2015-02-02 03:18:10 +0000
committerlzeng14 <lzeng14@Edk2>2015-02-02 03:18:10 +0000
commitc4b5cc4318f80e025196fb8fc2795184e1451661 (patch)
tree71142799b3ff79867db48ca245b5cb4f2c9fdf67
parent00ab76e0fed1884e978750e406e7b9a51842dfd8 (diff)
downloadedk2-platforms-c4b5cc4318f80e025196fb8fc2795184e1451661.tar.xz
SecurityPkg Variable: Before EndOfDxe, just record the current boot VarErrorFlag to local variable.
And leave the variable error flag in NV flash as the last boot variable error flag. After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash will be initialized to this local current boot variable error flag. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16685 6f19259b-4bc3-4df7-8a09-765794883524
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 7a42d971e0..83d69899f7 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -58,7 +58,10 @@ BOOLEAN mEndOfDxe = FALSE;
///
BOOLEAN mEnableLocking = TRUE;
-/**
+//
+// It will record the current boot error flag before EndOfDxe.
+//
+VAR_ERROR_FLAG mCurrentBootVarErrFlag = VAR_ERROR_FLAG_NO_ERROR;
SecureBoot Hook for auth variable update.
@@ -579,6 +582,17 @@ RecordVarErrorFlag (
}
);
+ if (!mEndOfDxe) {
+ //
+ // Before EndOfDxe, just record the current boot variable error flag to local variable,
+ // and leave the variable error flag in NV flash as the last boot variable error flag.
+ // After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
+ // will be initialized to this local current boot variable error flag.
+ //
+ mCurrentBootVarErrFlag &= Flag;
+ return;
+ }
+
//
// Record error flag (it should have be initialized).
//
@@ -637,7 +651,7 @@ InitializeVarErrorFlag (
return;
}
- Flag = VAR_ERROR_FLAG_NO_ERROR;
+ Flag = mCurrentBootVarErrFlag;
DEBUG ((EFI_D_INFO, "Initialize variable error flag (%02x)\n", Flag));
Status = FindVariable (