Return EFI_UNSUPPORTED if READY_TO_BOOT function is invoked at SMM runtime.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13535 6f19259b-4bc3-4df7-8a09-765794883524

2 files changed, 6 insertions, 2 deletions

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index fe7d5b9352..bae5f7bc45 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2528,8 +2528,8 @@ VariableServiceQueryVariableInfo (
 /**

   This function reclaims variable storage if free size is below the threshold.

 

-  Caution: This function may be invoked at SMM runtime.

-  Care must be taken to make sure not security issue at runtime.

+  Caution: This function may be invoked at SMM mode.

+  Care must be taken to make sure not security issue.

 

 **/

 VOID

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
index 8247836a63..de0a32ee87 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
@@ -519,6 +519,10 @@ SmmVariableHandler (
       break;

 

     case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:

+      if (AtRuntime()) {

+        Status = EFI_UNSUPPORTED;

+        break;

+      }

       ReclaimForOS ();

       Status = EFI_SUCCESS;

       break;