tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute incorrectly. 

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5 2013-05-17 08:05:01 +00:00
parent 7953f6832f
commit 0ba17ade47
3 changed files with 2 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -1347,53 +1347,6 @@ Done:
return Status;
}
/**
When VariableWriteArchProtocol install, create "SecureBoot" variable.
@param[in] Event Event whose notification function is being invoked.
@param[in] Context Pointer to the notification function's context.
**/
VOID
EFIAPI
VariableWriteCallBack (
IN EFI_EVENT Event,
IN VOID *Context
)
{
UINT8 SecureBootMode;
UINT8 *SecureBootModePtr;
EFI_STATUS Status;
VOID *ProtocolPointer;
Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);
if (EFI_ERROR (Status)) {
return;
}
//
// Check whether "SecureBoot" variable exists.
// If this library is built-in, it means firmware has capability to perform
// driver signing verification.
//
GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);
if (SecureBootModePtr == NULL) {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
//
// Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
//
gRT->SetVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
sizeof (UINT8),
&SecureBootMode
);
} else {
FreePool (SecureBootModePtr);
}
}
/**
Register security measurement handler.
@ -1409,19 +1362,6 @@ DxeImageVerificationLibConstructor (
IN EFI_SYSTEM_TABLE *SystemTable
)
{
VOID *Registration;
//
// Register callback function upon VariableWriteArchProtocol.
//
EfiCreateProtocolNotifyEvent (
&gEfiVariableWriteArchProtocolGuid,
TPL_CALLBACK,
VariableWriteCallBack,
NULL,
&Registration
);
return RegisterSecurity2Handler (
DxeImageVerificationHandler,
EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED

3
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
View File

@ -7,7 +7,7 @@
# This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -59,7 +59,6 @@
gEfiFirmwareVolume2ProtocolGuid
gEfiBlockIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid
gEfiVariableWriteArchProtocolGuid
[Guids]
gEfiCertTypeRsa2048Sha256Guid

4
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
View File

@ -675,7 +675,6 @@ UpdatePlatformMode (
{
EFI_STATUS Status;
VARIABLE_POINTER_TRACK Variable;
UINT32 VarAttr;
UINT8 SecureBootMode;
UINT8 SecureBootEnable;
UINTN VariableDataSize;
@ -736,13 +735,12 @@ UpdatePlatformMode (
}
}
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
&SecureBootMode,
sizeof(UINT8),
VarAttr,
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
0,
0,
&Variable,