tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-29 08:34:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update DEC file and DxeImageVerificationLib to note user that ALLOW_EXECUTE_ON_SECURITY_VIOLATION is no longer supported.

Browse Source 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14923 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Fu Siyuan 2013-12-02 07:52:35 +00:00 committed by sfu5
parent 1925ea6917
commit 68fc0c7319
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -1108,10 +1108,11 @@ DxeImageVerificationHandler (
} }
// //
// The policy QUERY_USER_ON_SECURITY_VIOLATION violates the UEFI spec and has been removed. // The policy QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION
// violates the UEFI spec and has been removed.
// //
ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION); ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
if (Policy == QUERY_USER_ON_SECURITY_VIOLATION) { if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {
CpuDeadLoop (); CpuDeadLoop ();
} }

9
SecurityPkg/SecurityPkg.dec
View File

@ -114,7 +114,8 @@
# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 # DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 # DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 # QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
# NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed. # NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION since
# it violates the UEFI specification and has been removed.
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001
## Pcd for removable media. ## Pcd for removable media.
@ -126,7 +127,8 @@
# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 # DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 # DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 # QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
# NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed. # NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION since
# it violates the UEFI specification and has been removed.
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002 gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002
## Pcd for fixed media. ## Pcd for fixed media.
@ -138,7 +140,8 @@
# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 # DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 # DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 # QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
# NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed. # NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION since
# it violates the UEFI specification and has been removed.
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003
## Defer Image Load policy settings. ## Defer Image Load policy settings.