From 2415f51ea04418a47f96c11b3c5a4bc93f379cad Mon Sep 17 00:00:00 2001 From: Hao Wu Date: Wed, 6 Jul 2016 14:07:04 +0800 Subject: SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & PK inconsistency issue Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens. Commit hash for the reverted patch in AuthVariable driver is SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d (We integrate the change for AuthService.c in commit 126f3b1de02c71fde8e28abc35a46ac5f135b527 on master to AuthVariableLib.c on UDK2015 branch) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Fu Siyuan (cherry picked from commit 126f3b1de02c71fde8e28abc35a46ac5f135b527) --- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'SecurityPkg/Library') diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index a54eaaa066..00ec1710fc 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -256,19 +256,7 @@ AuthVariableLibInitialize ( SecureBootEnable = SECURE_BOOT_DISABLE; Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize); if (!EFI_ERROR (Status)) { - if (mPlatformMode == SETUP_MODE){ - // - // PK is cleared in runtime. "SecureBootMode" is not updated before reboot - // Delete "SecureBootMode" in SetupMode - // - Status = AuthServiceInternalUpdateVariable ( - EFI_SECURE_BOOT_ENABLE_NAME, - &gEfiSecureBootEnableDisableGuid, - &SecureBootEnable, - 0, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS - ); - } else { + if (mPlatformMode == USER_MODE){ SecureBootEnable = *(UINT8 *) Data; } } else if (mPlatformMode == USER_MODE) { -- cgit v1.2.3