diff options
Diffstat (limited to 'SecurityPkg/Library/DxeImageVerificationLib')
| -rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 38 | ||||
| -rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf | 5 |
2 files changed, 8 insertions, 35 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index dff4bd0371..093932053c 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1254,14 +1254,13 @@ DxeImageVerificationHandler ( UINT16 Magic;
EFI_IMAGE_DOS_HEADER *DosHdr;
EFI_STATUS VerifyStatus;
- UINT8 *SetupMode;
EFI_SIGNATURE_LIST *SignatureList;
UINTN SignatureListSize;
EFI_SIGNATURE_DATA *Signature;
EFI_IMAGE_EXECUTION_ACTION Action;
WIN_CERTIFICATE *WinCertificate;
UINT32 Policy;
- UINT8 *SecureBootEnable;
+ UINT8 *SecureBoot;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
UINT32 NumberOfRvaAndSizes;
UINT32 CertSize;
@@ -1309,43 +1308,22 @@ DxeImageVerificationHandler ( return EFI_ACCESS_DENIED;
}
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
//
- // Skip verification if SecureBootEnable variable doesn't exist.
+ // Skip verification if SecureBoot variable doesn't exist.
//
- if (SecureBootEnable == NULL) {
+ if (SecureBoot == NULL) {
return EFI_SUCCESS;
}
//
- // Skip verification if SecureBootEnable is disabled.
+ // Skip verification if SecureBoot is disabled.
//
- if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
- FreePool (SecureBootEnable);
+ if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
+ FreePool (SecureBoot);
return EFI_SUCCESS;
}
-
- FreePool (SecureBootEnable);
-
- GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL);
-
- //
- // SetupMode doesn't exist means no AuthVar driver is dispatched,
- // skip verification.
- //
- if (SetupMode == NULL) {
- return EFI_SUCCESS;
- }
-
- //
- // If platform is in SETUP MODE, skip verification.
- //
- if (*SetupMode == SETUP_MODE) {
- FreePool (SetupMode);
- return EFI_SUCCESS;
- }
-
- FreePool (SetupMode);
+ FreePool (SecureBoot);
//
// Read the Dos header.
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf index e561a648a1..8ec41f4e11 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf @@ -68,13 +68,8 @@ gEfiCertSha256Guid
gEfiCertX509Guid
gEfiCertRsa2048Guid
- gEfiSecureBootEnableDisableGuid
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
-
-
-
-
|