Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
3 files changed, 18 insertions, 10 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index d6df32affc..d1aeab8bfc 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -323,7 +323,7 @@ AutenticatedVariableServiceInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
//
- SecureBootEnable = SECURE_BOOT_MODE_DISABLE;
+ SecureBootEnable = SECURE_BOOT_DISABLE;
FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr != NULL) {
SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));
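Review bot: The assignment `SecureBootEnable = SECURE_BOOT_DISABLE;` has no comment saying which constant family belongs to which variable, and the two families differ only by `_MODE_`, which is presumably how the wrong one got here. I would add a comment above it such as `// SECURE_BOOT_ENABLE/DISABLE are values of "SecureBootEnable"; SECURE_BOOT_MODE_* are values of "SecureBoot".`, and the same applies to the `SECURE_BOOT_ENABLE` assignment in the next hunk. The byte read through `GetVariableDataPtr (Variable.CurrPtr)` at the end of this hunk replaces the default as-is; whether it is checked against the two defined values is decided outside the hunk, so that is worth confirming.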
@@ -331,7 +331,7 @@ AutenticatedVariableServiceInitialize (
//
// "SecureBootEnable" not exist, initialize it in USER_MODE.
//
- SecureBootEnable = SECURE_BOOT_MODE_ENABLE;
+ SecureBootEnable = SECURE_BOOT_ENABLE;
Status = UpdateVariable (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index 22c03c1288..4e790634da 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -51,7 +51,7 @@ formset
questionid = KEY_SECURE_BOOT_ENABLE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
- flags = INTERACTIVE,
+ flags = INTERACTIVE | RESET_REQUIRED,
endcheckbox;
endif;
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 0a08479b4b..26fc09d52d 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -2069,27 +2069,25 @@ SecureBootExtractConfigFromVariable (
{
UINT8 *SecureBootEnable;
UINT8 *SetupMode;
+ UINT8 *SecureBoot;
UINT8 *SecureBootMode;
SecureBootEnable = NULL;
SetupMode = NULL;
+ SecureBoot = NULL;
SecureBootMode = NULL;
//
- // Get the SecureBootEnable Variable
- //
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
-
- //
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
// Checkbox.
//
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (SecureBootEnable == NULL) {
ConfigData->HideSecureBoot = TRUE;
} else {
ConfigData->HideSecureBoot = FALSE;
- ConfigData->SecureBootState = *SecureBootEnable;
}
+
//
// If it is Physical Presence User, set the PhysicalPresent to true.
//
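Review bot: The new `SecureBoot` pointer declared and NULL-initialised here is never released: the next hunk fills it with `GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, ...)`, which hands back a pool-allocated buffer the caller must free, and all 18 insertions counted in the diffstat are visible on this page with no `FreePool` among them. The end of SecureBootExtractConfigFromVariable is outside both hunks, so add `if (SecureBoot != NULL) { FreePool (SecureBoot); }` next to whatever cleanup the function already does for its other GetVariable2 buffers. Separately, `SecureBootEnable` is now fetched only to test that the variable exists and the GetVariable2 status is discarded; a comment on that call saying the contents are deliberately unused would keep a later reader from restoring the old `*SecureBootEnable` read.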
@@ -2103,11 +2101,21 @@ SecureBootExtractConfigFromVariable (
// If there is no PK then the Delete Pk button will be gray.
//
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
- if (SetupMode == NULL || (*SetupMode) == 1) {
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
ConfigData->HasPk = FALSE;
} else {
ConfigData->HasPk = TRUE;
}
+
+ //
+ // If the value of SecureBoot variable is 1, the platform is operating in secure boot mode.
+ //
+ GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
+ if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
+ ConfigData->SecureBootState = TRUE;
+ } else {
+ ConfigData->SecureBootState = FALSE;
+ }
//
// Get the SecureBootMode from CustomMode variable.