From 8f8ca22e594e3a6c313f725fbc7e2b20d75c79fd Mon Sep 17 00:00:00 2001 From: sfu5 Date: Thu, 5 Jul 2012 08:08:12 +0000 Subject: 1. Reset system when user changes secure boot state in secure boot configuration form. 2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver. Signed-off-by: Fu Siyuan Reviewed-by: Dong Guo Reviewed-by: Ye Ting git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524 --- .../DxeImageVerificationLib.c | 38 +++++----------------- .../DxeImageVerificationLib.inf | 5 --- 2 files changed, 8 insertions(+), 35 deletions(-) (limited to 'SecurityPkg/Library/DxeImageVerificationLib')
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dff4bd0371..093932053c 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1254,14 +1254,13 @@ DxeImageVerificationHandler (
 UINT16 Magic;
 EFI_IMAGE_DOS_HEADER *DosHdr;
 EFI_STATUS VerifyStatus;
- UINT8 *SetupMode;
 EFI_SIGNATURE_LIST *SignatureList;
 UINTN SignatureListSize;
 EFI_SIGNATURE_DATA *Signature;
 EFI_IMAGE_EXECUTION_ACTION Action;
 WIN_CERTIFICATE *WinCertificate;
 UINT32 Policy;
- UINT8 *SecureBootEnable;
+ UINT8 *SecureBoot;
 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
 UINT32 NumberOfRvaAndSizes;
 UINT32 CertSize;
@@ -1309,43 +1308,22 @@ DxeImageVerificationHandler (
 return EFI_ACCESS_DENIED;
 }
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
 //
- // Skip verification if SecureBootEnable variable doesn't exist.
+ // Skip verification if SecureBoot variable doesn't exist.
 //
- if (SecureBootEnable == NULL) {
+ if (SecureBoot == NULL) {
 return EFI_SUCCESS;
 }
 //
- // Skip verification if SecureBootEnable is disabled.
+ // Skip verification if SecureBoot is disabled.
 //
- if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
- FreePool (SecureBootEnable);
+ if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
+ FreePool (SecureBoot);
 return EFI_SUCCESS;
 }
-
- FreePool (SecureBootEnable);
-
- GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL);
-
- //
- // SetupMode doesn't exist means no AuthVar driver is dispatched,
- // skip verification.
- //
- if (SetupMode == NULL) {
- return EFI_SUCCESS;
- }
-
- //
- // If platform is in SETUP MODE, skip verification.
- //
- if (*SetupMode == SETUP_MODE) {
- FreePool (SetupMode);
- return EFI_SUCCESS;
- }
-
- FreePool (SetupMode);
+ FreePool (SecureBoot);
 //
 // Read the Dos header.
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index e561a648a1..8ec41f4e11 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -68,13 +68,8 @@
 gEfiCertSha256Guid
 gEfiCertX509Guid
 gEfiCertRsa2048Guid
- gEfiSecureBootEnableDisableGuid
 [Pcd]
 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
 gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
-
-
-
-
-- cgit v1.2.3
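Review bot: The status returned by `GetEfiGlobalVariable2` is discarded in the new secure boot state check, so every failure to read `SecureBoot` — not only a missing variable — is treated as "skip verification" and the handler returns `EFI_SUCCESS` for an unverified image. The `SecureBoot == NULL` test also appears to rely on the helper clearing the pointer on failure, since the declaration `UINT8 *SecureBoot;` has no initializer; that behaviour is not visible here and should be confirmed. I would keep the status and fail closed on anything but a missing variable, e.g. `Status = GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);` followed by `if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { return EFI_ACCESS_DENIED; }`, assuming an `EFI_STATUS` local such as `Status` is in scope. DxeImageVerificationHandler begins and ends outside this hunk.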