SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue

Revert previous fix in AuthVariable driver init which breaks
SecureBootEnable original behavior. Add more error handling logic in
SecureBootConfigDxe to prevent wrong display info when SecureBootEnable &
PK inconsistency happens.
Commit hash for the reverted patch in AuthVariable driver is
SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d

(We integrate the change for AuthService.c in commit
126f3b1de02c71fde8e28abc35a46ac5f135b527 on master to AuthVariableLib.c
on UDK2015 branch)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
(cherry picked from commit 126f3b1de02c71fde8e28abc35a46ac5f135b527)

1 files changed, 1 insertions, 13 deletions

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
index a54eaaa066..00ec1710fc 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -256,19 +256,7 @@ AuthVariableLibInitialize (
   SecureBootEnable = SECURE_BOOT_DISABLE;

   Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);

   if (!EFI_ERROR (Status)) {

-    if (mPlatformMode == SETUP_MODE){

-      //

-      // PK is cleared in runtime. "SecureBootMode" is not updated before reboot

-      // Delete "SecureBootMode" in SetupMode

-      //

-      Status = AuthServiceInternalUpdateVariable (

-                 EFI_SECURE_BOOT_ENABLE_NAME,

-                 &gEfiSecureBootEnableDisableGuid,

-                 &SecureBootEnable,

-                 0,

-                 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS

-                 );

-    } else {

+    if (mPlatformMode == USER_MODE){

       SecureBootEnable = *(UINT8 *) Data;

     }

   } else if (mPlatformMode == USER_MODE) {