authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-07-05 08:08:12 +0000
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-07-05 08:08:12 +0000
commit8f8ca22e594e3a6c313f725fbc7e2b20d75c79fd (patch)
tree7ff3a01251e6922c56612e83c6d39a4264f205bb /SecurityPkg/Library
parentb37aa2c645ff7e9c2209fe325f6078813ff462cd (diff)
1. Reset system when user changes secure boot state in secure boot configuration form.
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Library')
-rw-r--r--SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c38
-rw-r--r--SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf5
2 files changed, 8 insertions, 35 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dff4bd037..093932053 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1254,14 +1254,13 @@ DxeImageVerificationHandler (
UINT16 Magic;
EFI_IMAGE_DOS_HEADER *DosHdr;
EFI_STATUS VerifyStatus;
- UINT8 *SetupMode;
EFI_SIGNATURE_LIST *SignatureList;
UINTN SignatureListSize;
EFI_SIGNATURE_DATA *Signature;
EFI_IMAGE_EXECUTION_ACTION Action;
WIN_CERTIFICATE *WinCertificate;
UINT32 Policy;
- UINT8 *SecureBootEnable;
+ UINT8 *SecureBoot;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
UINT32 NumberOfRvaAndSizes;
UINT32 CertSize;
@@ -1309,43 +1308,22 @@ DxeImageVerificationHandler (
return EFI_ACCESS_DENIED;
}
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
//
- // Skip verification if SecureBootEnable variable doesn't exist.
+ // Skip verification if SecureBoot variable doesn't exist.
//
- if (SecureBootEnable == NULL) {
+ if (SecureBoot == NULL) {
return EFI_SUCCESS;
}
//
- // Skip verification if SecureBootEnable is disabled.
+ // Skip verification if SecureBoot is disabled.
//
- if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
- FreePool (SecureBootEnable);
+ if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
+ FreePool (SecureBoot);
return EFI_SUCCESS;
}
-
- FreePool (SecureBootEnable);
-
- GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL);
-
- //
- // SetupMode doesn't exist means no AuthVar driver is dispatched,
- // skip verification.
- //
- if (SetupMode == NULL) {
- return EFI_SUCCESS;
- }
-
- //
- // If platform is in SETUP MODE, skip verification.
- //
- if (*SetupMode == SETUP_MODE) {
- FreePool (SetupMode);
- return EFI_SUCCESS;
- }
-
- FreePool (SetupMode);
+ FreePool (SecureBoot);
//
// Read the Dos header.
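Review bot: The status returned by `GetEfiGlobalVariable2` in the second hunk is discarded, so any failure to read `SecureBoot` (not only a missing variable) ends in `return EFI_SUCCESS` and the image is accepted without verification. I would keep the skip for the not-found case only and fail closed otherwise, e.g. `Status = GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);` followed by `if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) { return EFI_ACCESS_DENIED; }`; this assumes a status local is available, as only `VerifyStatus` is visible in the first hunk. The `SecureBoot == NULL` test also depends on the helper clearing the out pointer on failure, because `SecureBoot` is declared without an initializer in the first hunk; that behaviour is not visible here, so declaring it as `UINT8 *SecureBoot = NULL;` or assigning NULL before the call would make the check self-contained. With the SetupMode check removed, the comment above the NULL test could also say why a missing variable means verification is skipped, as the removed comment did for SetupMode ("no AuthVar driver is dispatched"). DxeImageVerificationHandler begins and ends outside both hunks.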
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index e561a648a..8ec41f4e1 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -68,13 +68,8 @@
gEfiCertSha256Guid
gEfiCertX509Guid
gEfiCertRsa2048Guid
- gEfiSecureBootEnableDisableGuid
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
-
-
-
-