Revision: 17401
          http://sourceforge.net/p/edk2/code/17401
Author:   czhang46
Date:     2015-05-11 05:49:31 +0000 (Mon, 11 May 2015)
Log Message:
-----------
SecurityPkg Variable: Make PK & SecureBootMode consistent

PK can be cleared in runtime. However SecureBootMode variable is not updated 
accordingly.  Add code in variable init to make them consistent.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <[email protected]>
Reviewed-by: Fu Siyuan <[email protected]>

Modified Paths:
--------------
    trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c

Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
===================================================================
--- trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c       
2015-05-11 05:16:48 UTC (rev 17400)
+++ trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c       
2015-05-11 05:49:31 UTC (rev 17401)
@@ -277,7 +277,25 @@
   SecureBootEnable = SECURE_BOOT_DISABLE;
   FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, 
&Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
   if (Variable.CurrPtr != NULL) {
-    SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));
+    if (mPlatformMode == SETUP_MODE){
+      //
+      // PK is cleared in runtime. "SecureBootMode" is not updated before 
reboot 
+      // Delete "SecureBootMode" in SetupMode
+      //
+      Status = UpdateVariable (
+                 EFI_SECURE_BOOT_ENABLE_NAME,
+                 &gEfiSecureBootEnableDisableGuid,
+                 &SecureBootEnable,
+                 0,
+                 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                 0,
+                 0,
+                 &Variable,
+                 NULL
+                 );
+    } else {
+      SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));
+    }
   } else if (mPlatformMode == USER_MODE) {
     //
     // "SecureBootEnable" not exist, initialize it in USER_MODE.
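Review bot: The Status returned by the added UpdateVariable call in the SETUP_MODE branch is not checked anywhere in the lines shown, so a failed delete would leave the stale variable in place with no indication. Handle or at least log the error before the branch closes. The new comment also says it deletes "SecureBootMode", while the call operates on EFI_SECURE_BOOT_ENABLE_NAME and the context comment just below calls the variable "SecureBootEnable"; the comment should name the variable the code actually touches. It would also help to state in the comment that the 0 passed after &SecureBootEnable is the data size that requests the delete, since the call otherwise reads like a write of SECURE_BOOT_DISABLE.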


_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
