From 0ba17ade477cda3cac9419f6b00996b3b45135c5 Mon Sep 17 00:00:00 2001
From: sfu5
Date: Fri, 17 May 2013 08:05:01 +0000
Subject: =?UTF-8?q?Fix=20a=20bug=20that=20=E2=80=9CSecureBoot=E2=80=9D=20v?= =?UTF-8?q?araible=20will=20be=20updated=20to=20NV+AT=20attribute=20incorr?= =?UTF-8?q?ectly.=20Signed-off-by:=20Fu=20Siyuan=20?= =?UTF-8?q?=20Reviewed-by:=20Ni=20Ruiyu=20=20Reviewed-?= =?UTF-8?q?by:=20Dong=20Guo=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../DxeImageVerificationLib.c | 60 ----------------------
 .../DxeImageVerificationLib.inf | 3 +-
 2 files changed, 1 insertion(+), 62 deletions(-) (limited to 'SecurityPkg/Library/DxeImageVerificationLib')
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 5bc29cf145..9e4bf8681b 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1347,53 +1347,6 @@ Done:
 return Status;
 }
 
-/**
- When VariableWriteArchProtocol install, create "SecureBoot" variable.
-
- @param[in] Event Event whose notification function is being invoked.
- @param[in] Context Pointer to the notification function's context.
-
-**/
-VOID
-EFIAPI
-VariableWriteCallBack (
- IN EFI_EVENT Event,
- IN VOID *Context
- )
-{
- UINT8 SecureBootMode;
- UINT8 *SecureBootModePtr;
- EFI_STATUS Status;
- VOID *ProtocolPointer;
-
- Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);
- if (EFI_ERROR (Status)) {
- return;
- }
-
- //
- // Check whether "SecureBoot" variable exists.
- // If this library is built-in, it means firmware has capability to perform
- // driver signing verification.
- //
- GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);
- if (SecureBootModePtr == NULL) {
- SecureBootMode = SECURE_BOOT_MODE_DISABLE;
- //
- // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
- //
- gRT->SetVariable (
- EFI_SECURE_BOOT_MODE_NAME,
- &gEfiGlobalVariableGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- sizeof (UINT8),
- &SecureBootMode
- );
- } else {
- FreePool (SecureBootModePtr);
- }
-}
-
 /**
 Register security measurement handler.
 
@@ -1409,19 +1362,6 @@ DxeImageVerificationLibConstructor (
 IN EFI_SYSTEM_TABLE *SystemTable
 )
 {
- VOID *Registration;
-
- //
- // Register callback function upon VariableWriteArchProtocol.
- //
- EfiCreateProtocolNotifyEvent (
- &gEfiVariableWriteArchProtocolGuid,
- TPL_CALLBACK,
- VariableWriteCallBack,
- NULL,
- &Registration
- );
-
 return RegisterSecurity2Handler (
 DxeImageVerificationHandler,
 EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index dd03b0bf8a..0c6ab968f0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -7,7 +7,7 @@
 # This external input must be validated carefully to avoid security issue like
 # buffer overflow, integer overflow.
 #
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -59,7 +59,6 @@
 gEfiFirmwareVolume2ProtocolGuid
 gEfiBlockIoProtocolGuid
 gEfiSimpleFileSystemProtocolGuid
- gEfiVariableWriteArchProtocolGuid
 
 [Guids]
 gEfiCertTypeRsa2048Sha256Guid
--
cgit v1.2.3