From: Min M Xu <min.m...@intel.com>
OvmfPkg/Library/NvVarsFileLib allows loading variables into emulated
varstore from a on-disk NvVars file. We can't allow that when secure
boot is active. So check secure-boot feature and shortcut the
ConnectNvVarsToFileSystem() function when sb is enabled.
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Suggested-by: Gerd Hoffmann <kra...@redhat.com>
Signed-off-by: Min Xu <min.m...@intel.com>
---
OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
index 21b71524ea48..72289da35819 100644
--- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
+++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
@@ -28,6 +28,12 @@ ConnectNvVarsToFileSystem (
IN EFI_HANDLE FsHandle
)
{
+ #ifdef SECURE_BOOT_FEATURE_ENABLED
+
+ return EFI_UNSUPPORTED;
+
+ #else
+
EFI_STATUS Status;
//
@@ -46,6 +52,7 @@ ConnectNvVarsToFileSystem (
}
return Status;
+ #endif
}
/**
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90840): https://edk2.groups.io/g/devel/message/90840
Mute This Topic: https://groups.io/mt/92061207/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
