author | qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-10-28 03:46:20 +0000 |
---|---|---|
committer | qianouyang <qianouyang@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-10-28 03:46:20 +0000 |
commit | beda2356f5128efa4461046f882b6516ece6afc7 (patch) | |
tree | 510623dada789aa470470589412c3c59eb4d4d92 /SecurityPkg/Library/DxeImageVerificationLib | |
parent | 23491d5cc2c8e732c779f7e30db12a62a2a816c3 (diff) | |
download | edk2-platforms-beda2356f5128efa4461046f882b6516ece6afc7.tar.xz |
Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser.
Signed-off-by: qianouyang
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Library/DxeImageVerificationLib')
3 files changed, 20 insertions, 1 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dab35d5f6c..7bc3cc0ec0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1117,7 +1117,6 @@ DxeImageVerificationHandler (
 IN VOID *FileBuffer,
IN UINTN FileSize
)
-
{
EFI_STATUS Status;
UINT16 Magic;
@@ -1130,6 +1129,7 @@ DxeImageVerificationHandler (
 EFI_IMAGE_EXECUTION_ACTION Action;
WIN_CERTIFICATE *WinCertificate;
UINT32 Policy;
+ UINT8 *SecureBootEnable;
if (File == NULL) {
return EFI_INVALID_PARAMETER;
@@ -1173,6 +1173,23 @@ DxeImageVerificationHandler (
 } else if (Policy == NEVER_EXECUTE) {
return EFI_ACCESS_DENIED;
}
+
+ SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
+ //
+ // Skip verification if SecureBootEnable variable doesn't exist.
+ //
+ if (SecureBootEnable == NULL) {
+ return EFI_SUCCESS;
+ }
+
+ //
+ // Skip verification if SecureBootEnable is disabled.
+ //
+ if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
+ FreePool (SecureBootEnable);
+ return EFI_SUCCESS;
+ }
+
SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);
//
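Review bot: The `SecureBootEnable == NULL` branch fails open: when the variable is absent the handler returns `EFI_SUCCESS` and the image is never verified, so anything able to delete the variable or keep it from being created turns verification off silently. Whether the variable is write-protected is not visible in this hunk, so the comment should state the assumption, e.g. `// Missing SecureBootEnable disables verification; the variable must not be deletable by untrusted code.` The buffer returned by `GetVariable` is freed only on the disabled path; unless it is released later in the function, which continues past this hunk, add `FreePool (SecureBootEnable);` after the `SECURE_BOOT_DISABLE` check. The dereference `*SecureBootEnable` also assumes the variable holds at least one byte, since no returned size is checked in the visible lines.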
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
index 34ed0c89a1..2cd1f87468 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
@@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/SimpleFileSystem.h>
#include <Protocol/VariableWrite.h>
#include <Guid/ImageAuthentication.h>
+#include <Guid/AuthenticatedVariableFormat.h>
#include <IndustryStandard/PeImage.h>
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index 5874d6b66b..1dda6774fa 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -62,6 +62,7 @@
 gEfiCertSha256Guid
gEfiCertX509Guid
gEfiCertRsa2048Guid
+ gEfiSecureBootEnableDisableGuid
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy