author | Chao Zhang <chao.b.zhang@intel.com> | 2015-05-11 05:49:31 +0000 |
---|---|---|
committer | czhang46 <czhang46@Edk2> | 2015-05-11 05:49:31 +0000 |
commit | 98e9d30f787fc0c25fe5232c29fd0bfb9fb446c4 (patch) | |
tree | 54d4c58bdd75ddcb1a9cd09ffef2cfd017e7275b /SecurityPkg/VariableAuthenticated | |
parent | 74705ca53e18ce290a5d8fd932c18742b93d82ff (diff) | |
SecurityPkg Variable: Make PK & SecureBootMode consistent
PK can be cleared in runtime. However SecureBootMode variable is not updated accordingly. Add code in variable init to make them consistent.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index b48129135f..36d447027d 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -277,7 +277,25 @@ AutenticatedVariableServiceInitialize (
 SecureBootEnable = SECURE_BOOT_DISABLE;
FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr != NULL) {
- SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));
+ if (mPlatformMode == SETUP_MODE){
+ //
+ // PK is cleared in runtime. "SecureBootMode" is not updated before reboot
+ // Delete "SecureBootMode" in SetupMode
+ //
+ Status = UpdateVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &SecureBootEnable,
+ 0,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 0,
+ 0,
+ &Variable,
+ NULL
+ );
+ } else {
+ SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));
+ }
} else if (mPlatformMode == USER_MODE) {
//
// "SecureBootEnable" not exist, initialize it in USER_MODE.
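Review bot: The `Status` assigned from the `UpdateVariable` delete in the new `SETUP_MODE` branch is not tested anywhere in this hunk. If the delete fails, the stale "SecureBootEnable" variable stays in non-volatile storage while the local `SecureBootEnable` remains `SECURE_BOOT_DISABLE`, so the PK/secure-boot inconsistency this commit targets would persist without any signal. Assuming the function returns `EFI_STATUS`, follow the call with `if (EFI_ERROR (Status)) { return Status; }`, unless code after the else-if chain already checks it; the function body continues outside the hunk. The added comment also says "SecureBootMode" while the call deletes `EFI_SECURE_BOOT_ENABLE_NAME`; reword it to `// PK was cleared at runtime; delete the stale "SecureBootEnable" variable in SetupMode`. As a style point, `if (mPlatformMode == SETUP_MODE){` is missing the space before the brace.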