PK can be cleared at runtime; however, the SecureBootMode variable is not updated accordingly. Add code to variable init to make them consistent.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401
6f19259b-4bc3-4df7-8a09-
765794883524
SecureBootEnable = SECURE_BOOT_DISABLE;\r
FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r
if (Variable.CurrPtr != NULL) {\r
SecureBootEnable = SECURE_BOOT_DISABLE;\r
FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r
if (Variable.CurrPtr != NULL) {\r
- SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+ if (mPlatformMode == SETUP_MODE){\r
+ //\r
+ // PK is cleared in runtime. "SecureBootMode" is not updated before reboot \r
+ // Delete "SecureBootMode" in SetupMode\r
+ //\r
+ Status = UpdateVariable (\r
+ EFI_SECURE_BOOT_ENABLE_NAME,\r
+ &gEfiSecureBootEnableDisableGuid,\r
+ &SecureBootEnable,\r
+ 0,\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ 0,\r
+ 0,\r
+ &Variable,\r
+ NULL\r
+ );\r
+ } else {\r
+ SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+ }\r
} else if (mPlatformMode == USER_MODE) {\r
//\r
// "SecureBootEnable" not exist, initialize it in USER_MODE.\r
} else if (mPlatformMode == USER_MODE) {\r
//\r
// "SecureBootEnable" not exist, initialize it in USER_MODE.\r
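Review bot: The `Status` assigned from the added `UpdateVariable` call in the `SETUP_MODE` branch is not checked in the visible lines, so a failed delete would leave the stale variable in non-volatile storage while initialization carries on as if it were gone. If the enclosing function returns an `EFI_STATUS` (its start and end are outside the hunk), follow the call with `if (EFI_ERROR (Status)) { return Status; }`, or at least log the failure. The added comment also names "SecureBootMode", while the call deletes `EFI_SECURE_BOOT_ENABLE_NAME`, which the context comment just below calls "SecureBootEnable". It would read more accurately as `// Delete "SecureBootEnable" in SetupMode`.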