X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=SecurityPkg%2FVariableAuthenticated%2FSecureBootConfigDxe%2FSecureBootConfigImpl.c;h=83497a23f52d3ff2ba41b8bdf0d777361329c614;hb=d6b926e76e3d639ac37610e97d33ff9e3a6281eb;hp=acb0dc055892bb6e3a81d2fc086d30e0a079e014;hpb=65c77f02104cf0cf7bd224df3a5fc08795df9aad;p=mirror_edk2.git
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index acb0dc0558..83497a23f5 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -1,14 +1,9 @@
/** @file
HII Config Access protocol implementation of SecureBoot configuration module.
-Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP
+SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -239,7 +234,7 @@ SaveSecureBootVariable (
it's caller's responsibility to free the memory when finish using it.
@retval EFI_SUCCESS Create time based payload successfully.
- @retval EFI_OUT_OF_RESOURCES There are not enough memory resourses to create time based payload.
+ @retval EFI_OUT_OF_RESOURCES There are not enough memory resources to create time based payload.
@retval EFI_INVALID_PARAMETER The parameter is invalid.
@retval Others Unexpected error happens.
@@ -395,7 +390,7 @@ SetSecureBootMode (
@param[out] PkCert Point to the data buffer to store the signature list.
@return EFI_UNSUPPORTED Unsupported Key Length.
- @return EFI_OUT_OF_RESOURCES There are not enough memory resourses to form the signature list.
+ @return EFI_OUT_OF_RESOURCES There are not enough memory resources to form the signature list.
**/
EFI_STATUS
@@ -512,7 +507,7 @@ EnrollPlatformKey (
DEBUG ((EFI_D_INFO, "FilePostFix = %s\n", FilePostFix));
//
- // Prase the selected PK file and generature PK certificate list.
+ // Prase the selected PK file and generate PK certificate list.
//
Status = CreatePkX509SignatureList (
Private->FileContext->FHandle,
@@ -1093,7 +1088,7 @@ IsSignatureFoundInDatabase (
}
//
- // Enumerate all signature data in SigDB to check if executable's signature exists.
+ // Enumerate all signature data in SigDB to check if signature exists for executable.
//
CertList = (EFI_SIGNATURE_LIST *) Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
@@ -1317,7 +1312,7 @@ Done:
/**
Check whether the signature list exists in given variable data.
- It searches the signature list for the ceritificate hash by CertType.
+ It searches the signature list for the certificate hash by CertType.
If the signature list is found, get the offset of Database for the
next hash of a certificate.
@@ -1815,7 +1810,7 @@ LoadPeImage (
Calculate hash of Pe/Coff image based on the authenticode image hashing in
PE/COFF Specification 8.0 Appendix A
- Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
+ Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
the function LoadPeImage ().
@param[in] HashAlg Hash algorithm type.
@@ -1830,7 +1825,6 @@ HashPeImage (
)
{
BOOLEAN Status;
- UINT16 Magic;
EFI_IMAGE_SECTION_HEADER *Section;
VOID *HashCtx;
UINTN CtxSize;
@@ -1873,27 +1867,13 @@ HashPeImage (
// Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded
//
- if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
- //
- // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
- // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
- // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
- // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
- //
- Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
- } else {
- //
- // Get the magic value from the PE/COFF Optional Header
- //
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;
- }
//
// 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum.
//
HashBase = mImageBase;
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
@@ -1914,7 +1894,7 @@ HashPeImage (
// 6. Get the address of the beginning of the Cert Directory.
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.
//
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
@@ -1936,7 +1916,7 @@ HashPeImage (
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header.
//
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
@@ -1957,7 +1937,7 @@ HashPeImage (
//
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
//
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
@@ -2031,7 +2011,7 @@ HashPeImage (
//
if (mImageSize > SumOfBytesHashed) {
HashBase = mImageBase + SumOfBytesHashed;
- if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
@@ -2127,7 +2107,7 @@ HashPeImageByType (
}
/**
- Enroll a new executable's signature into Signature Database.
+ Enroll a new signature of executable into Signature Database.
@param[in] PrivateData The module's private data.
@param[in] VariableName Variable name of signature database, must be
@@ -2197,7 +2177,7 @@ EnrollAuthentication2Descriptor (
}
//
- // Diretly set AUTHENTICATION_2 data to SetVariable
+ // Directly set AUTHENTICATION_2 data to SetVariable
//
Status = gRT->SetVariable(
VariableName,
@@ -2228,7 +2208,7 @@ ON_EXIT:
/**
- Enroll a new executable's signature into Signature Database.
+ Enroll a new signature of executable into Signature Database.
@param[in] PrivateData The module's private data.
@param[in] VariableName Variable name of signature database, must be
@@ -2267,7 +2247,7 @@ EnrollImageSignatureToSigDB (
// Form the SigDB certificate list.
// Format the data item into EFI_SIGNATURE_LIST type.
//
- // We need to parse executable's signature data from specified signed executable file.
+ // We need to parse signature data of executable from specified signed executable file.
// In current implementation, we simply trust the pass-in signed executable file.
// In reality, it's OS's responsibility to verify the signed executable file.
//
@@ -3145,6 +3125,9 @@ DeleteSignatureEx (
if (DelType == Delete_Signature_List_All) {
VariableDataSize = 0;
} else {
+ //
+ // Traverse to target EFI_SIGNATURE_LIST but others will be skipped.
+ //
while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex < PrivateData->ListIndex) {
CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, ListWalker->SignatureListSize);
Offset += ListWalker->SignatureListSize;
@@ -3154,15 +3137,17 @@ DeleteSignatureEx (
ListIndex++;
}
- if (CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) || DelType == Delete_Signature_List_One) {
- RemainingSize -= ListWalker->SignatureListSize;
- ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
- } else {
+ //
+ // Handle the target EFI_SIGNATURE_LIST.
+ // If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One
+ // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST.
+ //
+ if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType == Delete_Signature_Data) {
NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset);
//
// Copy header.
//
- CopyMem ((UINT8 *)NewVariableData, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
+ CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize;
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
@@ -3181,10 +3166,11 @@ DeleteSignatureEx (
}
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize);
}
-
- RemainingSize -= ListWalker->SignatureListSize;
}
+ RemainingSize -= ListWalker->SignatureListSize;
+ ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
+
//
// Copy remaining data, maybe 0.
//
@@ -3283,7 +3269,7 @@ SecureBootExtractConfigFromVariable (
SecureBootMode = NULL;
//
- // Initilize the Date and Time using system time.
+ // Initialize the Date and Time using system time.
//
ConfigData->CertificateFormat = HASHALG_RAW;
ConfigData->AlwaysRevocation = TRUE;
@@ -3320,15 +3306,15 @@ SecureBootExtractConfigFromVariable (
}
//
- // Check SecureBootEnable & Pk status, fix the inconsistence.
+ // Check SecureBootEnable & Pk status, fix the inconsistency.
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
// Checkbox.
//
ConfigData->AttemptSecureBoot = FALSE;
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
//
- // Fix Pk, SecureBootEnable inconsistence
+ // Fix Pk and SecureBootEnable inconsistency
//
if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) {
ConfigData->HideSecureBoot = FALSE;
@@ -3572,6 +3558,9 @@ LoadSignatureList (
{
EFI_STATUS Status;
EFI_STRING_ID ListType;
+ EFI_STRING FormatNameString;
+ EFI_STRING FormatHelpString;
+ EFI_STRING FormatTypeString;
EFI_SIGNATURE_LIST *ListWalker;
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
@@ -3591,6 +3580,8 @@ LoadSignatureList (
CHAR16 HelpBuffer[BUFFER_MAX_SIZE];
Status = EFI_SUCCESS;
+ FormatNameString = NULL;
+ FormatHelpString = NULL;
StartOpCodeHandle = NULL;
EndOpCodeHandle = NULL;
StartGotoHandle = NULL;
@@ -3705,6 +3696,12 @@ LoadSignatureList (
goto ON_EXIT;
}
+ FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL);
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL);
+ if (FormatNameString == NULL || FormatHelpString == NULL) {
+ goto ON_EXIT;
+ }
+
RemainingSize = DataSize;
ListWalker = (EFI_SIGNATURE_LIST *)VariableData;
while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize)) {
@@ -3725,21 +3722,23 @@ LoadSignatureList (
} else {
ListType = STRING_TOKEN (STR_LIST_TYPE_UNKNOWN);
}
+ FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListType, NULL);
+ if (FormatTypeString == NULL) {
+ goto ON_EXIT;
+ }
ZeroMem (NameBuffer, sizeof (NameBuffer));
- UnicodeSPrint (NameBuffer,
- sizeof (NameBuffer),
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL),
- Index + 1
- );
+ UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);
ZeroMem (HelpBuffer, sizeof (HelpBuffer));
UnicodeSPrint (HelpBuffer,
sizeof (HelpBuffer),
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL),
- HiiGetString (PrivateData->HiiHandle, ListType, NULL),
+ FormatHelpString,
+ FormatTypeString,
SIGNATURE_DATA_COUNTS (ListWalker)
);
+ SECUREBOOT_FREE_NON_NULL (FormatTypeString);
+ FormatTypeString = NULL;
HiiCreateGotoOpCode (
StartOpCodeHandle,
@@ -3777,6 +3776,8 @@ ON_EXIT:
SECUREBOOT_FREE_NON_OPCODE (EndGotoHandle);
SECUREBOOT_FREE_NON_NULL (VariableData);
+ SECUREBOOT_FREE_NON_NULL (FormatNameString);
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);
PrivateData->ListCount = Index;
@@ -3922,6 +3923,8 @@ FormatHelpInfo (
EFI_STATUS Status;
EFI_TIME *Time;
EFI_STRING_ID ListTypeId;
+ EFI_STRING FormatHelpString;
+ EFI_STRING FormatTypeString;
UINTN DataSize;
UINTN HelpInfoIndex;
UINTN TotalSize;
@@ -3931,12 +3934,13 @@ FormatHelpInfo (
CHAR16 *HelpInfoString;
BOOLEAN IsCert;
- Status = EFI_SUCCESS;
- Time = NULL;
- HelpInfoIndex = 0;
- DataString = NULL;
- HelpInfoString = NULL;
- IsCert = FALSE;
+ Status = EFI_SUCCESS;
+ Time = NULL;
+ FormatTypeString = NULL;
+ HelpInfoIndex = 0;
+ DataString = NULL;
+ HelpInfoString = NULL;
+ IsCert = FALSE;
if (CompareGuid(&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) {
ListTypeId = STRING_TOKEN(STR_LIST_TYPE_RSA2048_SHA256);
@@ -3969,6 +3973,11 @@ FormatHelpInfo (
goto ON_EXIT;
}
+ FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL);
+ if (FormatTypeString == NULL) {
+ goto ON_EXIT;
+ }
+
TotalSize = 1024;
HelpInfoString = AllocateZeroPool (TotalSize);
if (HelpInfoString == NULL) {
@@ -3981,40 +3990,45 @@ FormatHelpInfo (
//
ZeroMem (GuidString, sizeof (GuidString));
GuidToString(&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE);
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL);
+ if (FormatHelpString == NULL) {
+ goto ON_EXIT;
+ }
HelpInfoIndex += UnicodeSPrint (
&HelpInfoString[HelpInfoIndex],
TotalSize - sizeof(CHAR16) * HelpInfoIndex,
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL),
+ FormatHelpString,
GuidString
);
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);
+ FormatHelpString = NULL;
//
// Format content part, it depends on the type of signature list, hash value or CN.
//
if (IsCert) {
GetCommonNameFromX509 (ListEntry, DataEntry, &DataString);
- HelpInfoIndex += UnicodeSPrint(
- &HelpInfoString[HelpInfoIndex],
- TotalSize - sizeof(CHAR16) * HelpInfoIndex,
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_CN), NULL),
- HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL),
- DataSize,
- DataString
- );
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_CN), NULL);
} else {
//
// Format hash value for each signature data entry.
//
ParseHashValue (ListEntry, DataEntry, &DataString);
- HelpInfoIndex += UnicodeSPrint (
- &HelpInfoString[HelpInfoIndex],
- TotalSize - sizeof(CHAR16) * HelpInfoIndex,
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL),
- HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL),
- DataSize,
- DataString
- );
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL);
}
+ if (FormatHelpString == NULL) {
+ goto ON_EXIT;
+ }
+ HelpInfoIndex += UnicodeSPrint (
+ &HelpInfoString[HelpInfoIndex],
+ TotalSize - sizeof (CHAR16) * HelpInfoIndex,
+ FormatHelpString,
+ FormatTypeString,
+ DataSize,
+ DataString
+ );
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);
+ FormatHelpString = NULL;
//
// Format revocation time part.
@@ -4032,13 +4046,18 @@ FormatHelpInfo (
Time->Minute,
Time->Second
);
-
+ FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL);
+ if (FormatHelpString == NULL) {
+ goto ON_EXIT;
+ }
UnicodeSPrint (
&HelpInfoString[HelpInfoIndex],
TotalSize - sizeof (CHAR16) * HelpInfoIndex,
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL),
+ FormatHelpString,
TimeString
);
+ SECUREBOOT_FREE_NON_NULL (FormatHelpString);
+ FormatHelpString = NULL;
}
*StringId = HiiSetString (PrivateData->HiiHandle, 0, HelpInfoString, NULL);
@@ -4046,6 +4065,8 @@ ON_EXIT:
SECUREBOOT_FREE_NON_NULL (DataString);
SECUREBOOT_FREE_NON_NULL (HelpInfoString);
+ SECUREBOOT_FREE_NON_NULL (FormatTypeString);
+
return Status;
}
@@ -4076,6 +4097,7 @@ LoadSignatureData (
EFI_IFR_GUID_LABEL *StartLabel;
EFI_IFR_GUID_LABEL *EndLabel;
EFI_STRING_ID HelpStringId;
+ EFI_STRING FormatNameString;
VOID *StartOpCodeHandle;
VOID *EndOpCodeHandle;
UINTN DataSize;
@@ -4086,6 +4108,7 @@ LoadSignatureData (
CHAR16 NameBuffer[BUFFER_MAX_SIZE];
Status = EFI_SUCCESS;
+ FormatNameString = NULL;
StartOpCodeHandle = NULL;
EndOpCodeHandle = NULL;
Index = 0;
@@ -4167,17 +4190,18 @@ LoadSignatureData (
ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize);
}
+ FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL);
+ if (FormatNameString == NULL) {
+ goto ON_EXIT;
+ }
+
DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize);
for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) {
//
// Format name buffer.
//
ZeroMem (NameBuffer, sizeof (NameBuffer));
- UnicodeSPrint (NameBuffer,
- sizeof (NameBuffer),
- HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL),
- Index + 1
- );
+ UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1);
//
// Format help info buffer.
@@ -4221,6 +4245,7 @@ ON_EXIT:
SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle);
SECUREBOOT_FREE_NON_NULL (VariableData);
+ SECUREBOOT_FREE_NON_NULL (FormatNameString);
return Status;
}
@@ -4274,6 +4299,7 @@ SecureBootCallback (
UINTN NameLength;
UINT16 *FilePostFix;
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ BOOLEAN GetBrowserDataResult;
Status = EFI_SUCCESS;
SecureBootEnable = NULL;
@@ -4298,7 +4324,7 @@ SecureBootCallback (
return EFI_OUT_OF_RESOURCES;
}
- HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
+ GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
if (QuestionId == KEY_SECURE_BOOT_MODE) {
@@ -4338,7 +4364,7 @@ SecureBootCallback (
Value->u8 = SECURE_BOOT_MODE_STANDARD;
Status = EFI_SUCCESS;
}
- }
+ }
goto EXIT;
}
@@ -4844,7 +4870,7 @@ SecureBootCallback (
EXIT:
- if (!EFI_ERROR (Status)) {
+ if (!EFI_ERROR (Status) && GetBrowserDataResult) {
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
}