audk/OvmfPkg/Library
jljusten e678f9db89 OvmfPkg/SerializeVariablesLib: ignore secure variable restore errors
OvmfPkg's file-based NvVar storage is read back as follows at boot (all
paths under OvmfPkg/Library/):

PlatformBdsPolicyBehavior() [PlatformBdsLib/BdsPlatform.c]
  PlatformBdsRestoreNvVarsFromHardDisk()
    VisitAllInstancesOfProtocol
      for each simple file system:
        VisitingFileSystemInstance()
          ConnectNvVarsToFileSystem() [NvVarsFileLib/NvVarsFileLib.c]
            LoadNvVarsFromFs() [NvVarsFileLib/FsAccess.c]
              ReadNvVarsFile()
+-------------> SerializeVariablesSetSerializedVariables() [SerializeVariablesLib/SerializeVariablesLib.c]
|                 SerializeVariablesIterateInstanceVariables()
|   +-------------> IterateVariablesInBuffer()
|   |                 for each loaded / deserialized variable:
| +-|-----------------> IterateVariablesCallbackSetSystemVariable()
| | |                     gRT->SetVariable()
| | |
| | IterateVariablesInBuffer() stops processing variables as soon as the
| | first error is encountered from the callback function.
| |
| | In this case the callback function is
| IterateVariablesCallbackSetSystemVariable(), selected by
SerializeVariablesSetSerializedVariables().

The result is that no NvVar is restored from the file after the first
gRT->SetVariable() failure.

On my system such a failure
- never happens in an OVMF build with secure boot disabled,
- happens *immediately* with SECURE_BOOT_ENABLE, because the first
  variable to restore is "AuthVarKeyDatabase".

"AuthVarKeyDatabase" has the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
attribute set. Since the loop tries to restore it before any keys (PK, KEK
etc) are enrolled, gRT->SetVariable() rejects it with
EFI_SECURITY_VIOLATION. Consequently the NvVar restore loop terminates
immediately, and we never reach non-authenticated variables such as
Boot#### and BootOrder.

Until work on KVM-compatible flash emulation converges between qemu and
OvmfPkg, improve the SECURE_BOOT_ENABLE boot experience by masking
EFI_SECURITY_VIOLATION in the callback:
- authenticated variables continue to be rejected same as before, but
- at least we allow the loop to progress and restore non-authenticated
  variables, for example boot options.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14390 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-28 17:21:37 +00:00
..
AcpiTimerLib When SOURCE_DEBUG_ENABLE is set, a TimerLib is linked into the SEC Phase to support the Debug Agent and the TimerLib is mapped into read-only ROM/FLASH. 2012-10-04 20:58:21 +00:00
EmuVariableFvbLib OvmfPkg EMU FVB: Add 2 functions to PlatformFvbLib 2011-01-09 03:51:16 +00:00
LoadLinuxLib OvmfPkg LoadLinuxLib: Use kernel's EFI entry point where available 2013-02-14 19:21:39 +00:00
NvVarsFileLib OvmfPkg NvVarsFileLib: Leverage SerializeVariablesLib 2011-01-30 19:50:08 +00:00
PlatformBdsLib OvmfPkg: QemuBootOrder: recognize Ethernet OFW device paths 2013-05-15 18:21:08 +00:00
PlatformDebugLibIoPort OvmfPkg: add support for debug console on port 0x402 2012-07-26 16:36:39 +00:00
PlatformFvbLibNull OvmfPkg EMU FVB: Add 2 functions to PlatformFvbLib 2011-01-09 03:51:16 +00:00
PlatformSecureLib OvmfPkg: Add custom mode setup if the Secure Boot build option is specified. 2012-04-04 17:35:06 +00:00
QemuFwCfgLib QemuFwCfgLib: Add QemuFwCfgWriteBytes() function 2013-01-28 16:54:55 +00:00
ResetSystemLib OvmfPkg: make sure ResetCold() and ResetWarm() never return 2013-03-04 17:38:42 +00:00
SerializeVariablesLib OvmfPkg/SerializeVariablesLib: ignore secure variable restore errors 2013-05-28 17:21:37 +00:00
VirtioLib OvmfPkg: adapt VirtioFlush()'s leading comment to the coding style 2013-05-15 06:23:22 +00:00