summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.c b/OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.c
index 112f20e052..19569b2ae0 100644
--- a/OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.c
+++ b/OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.c
@@ -284,13 +284,26 @@ IterateVariablesCallbackSetSystemVariable (
IN VOID *Data
)
{
- return gRT->SetVariable (
- VariableName,
- VendorGuid,
- Attributes,
- DataSize,
- Data
- );
+ EFI_STATUS Status;
+ STATIC CONST UINT32 AuthMask =
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+
+ Status = gRT->SetVariable (
+ VariableName,
+ VendorGuid,
+ Attributes,
+ DataSize,
+ Data
+ );
+
+ if (Status == EFI_SECURITY_VIOLATION && (Attributes & AuthMask) != 0) {
+ DEBUG ((DEBUG_WARN, "%a: setting authenticated variable \"%s\" "
+ "failed with EFI_SECURITY_VIOLATION, ignoring\n", __FUNCTION__,
+ VariableName));
+ Status = EFI_SUCCESS;
+ }
+ return Status;
}