From db44ea6c4e093c1a53d752bb21b9eba8ad8fdaa9 Mon Sep 17 00:00:00 2001 From: Fu Siyuan Date: Wed, 28 Aug 2013 09:06:40 +0000 Subject: 1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file. 2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION). 3. Update override PCD setting from 5 to 4 in platform DSC file. Signed-off-by: Fu Siyuan Reviewed-by: Ni Ruiyu Reviewed-by: Ye Ting git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'SecurityPkg/Library') diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 9e4bf8681b..2458ee2ae1 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1086,6 +1086,14 @@ DxeImageVerificationHandler ( return EFI_ACCESS_DENIED; } + // + // The policy QUERY_USER_ON_SECURITY_VIOLATION violates the UEFI spec and has been removed. + // + ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION); + if (Policy == QUERY_USER_ON_SECURITY_VIOLATION) { + CpuDeadLoop (); + } + GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); // // Skip verification if SecureBoot variable doesn't exist. -- cgit v1.2.3