summaryrefslogtreecommitdiff
path: root/SecurityPkg/VariableAuthenticated
diff options
context:
space:
mode:
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index ef123d2d5c..53ef092aff 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2831,6 +2831,16 @@ VariableServiceSetVariable (
Status = EFI_WRITE_PROTECTED;
goto Done;
}
+ if (Attributes != 0 && (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Variable.CurrPtr->Attributes) {
+ //
+ // If a preexisting variable is rewritten with different attributes, SetVariable() shall not
+ // modify the variable and shall return EFI_INVALID_PARAMETER. Two exceptions to this rule:
+ // 1. No access attributes specified
+ // 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Done;
+ }
}
//
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-27 11:27:44 +0000