SecureBootEnable = SECURE_BOOT_DISABLE;\r
Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);\r
if (!EFI_ERROR(Status)) {\r
- if (!IsPkPresent) {\r
- //\r
- // PK is cleared in runtime. "SecureBootMode" is not updated before reboot\r
- // Delete "SecureBootMode"\r
- //\r
- Status = AuthServiceInternalUpdateVariable (\r
- EFI_SECURE_BOOT_ENABLE_NAME,\r
- &gEfiSecureBootEnableDisableGuid,\r
- &SecureBootEnable,\r
- 0,\r
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
- );\r
- } else {\r
+ if (IsPkPresent) {\r
SecureBootEnable = *Data;\r
}\r
} else if ((SecureBootMode == SecureBootModeTypeUserMode) || (SecureBootMode == SecureBootModeTypeDeployedMode)) {\r
ConfigData->RevocationTime.Minute = CurrTime.Minute;\r
ConfigData->RevocationTime.Second = 0;\r
\r
- //\r
- // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
- // Checkbox.\r
- //\r
- ConfigData->AttemptSecureBoot = FALSE;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
- ConfigData->HideSecureBoot = TRUE;\r
- } else {\r
- ConfigData->HideSecureBoot = FALSE;\r
- if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {\r
- ConfigData->AttemptSecureBoot = TRUE;\r
- }\r
- }\r
\r
//\r
// If it is Physical Presence User, set the PhysicalPresent to true.\r
ConfigData->HasPk = TRUE;\r
}\r
\r
+ //\r
+ // Check SecureBootEnable & Pk status, fix the inconsistence. \r
+ // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable\r
+ // Checkbox.\r
+ //\r
+ ConfigData->AttemptSecureBoot = FALSE;\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); \r
+\r
+ //\r
+ // Fix Pk, SecureBootEnable inconsistence\r
+ //\r
+ if (ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_USER_MODE || ConfigData->CurSecureBootMode == SECURE_BOOT_MODE_DEPLOYED_MODE) {\r
+ ConfigData->HideSecureBoot = FALSE;\r
+ if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) {\r
+ ConfigData->AttemptSecureBoot = TRUE;\r
+ }\r
+ } else {\r
+ ConfigData->HideSecureBoot = TRUE;\r
+ }\r
+\r
if (SecureBootEnable != NULL) {\r
FreePool (SecureBootEnable);\r
}\r
OUT EFI_STRING *Progress\r
)\r
{\r
- UINT8 *SecureBootEnable;\r
SECUREBOOT_CONFIGURATION IfrNvData;\r
UINTN BufferSize;\r
EFI_STATUS Status;\r
//\r
// Store Buffer Storage back to EFI variable if needed\r
//\r
- SecureBootEnable = NULL;\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (NULL != SecureBootEnable) {\r
- FreePool (SecureBootEnable);\r
+ if (!IfrNvData.HideSecureBoot) {\r
Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
SECUREBOOT_CONFIGURATION *IfrNvData;\r
UINT16 LabelId;\r
UINT8 *SecureBootEnable;\r
+ UINT8 *Pk;\r
UINT8 *SecureBootMode;\r
CHAR16 PromptString[100];\r
UINT8 CurSecureBootMode;\r
}\r
} else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) {\r
if (QuestionId == KEY_HIDE_SECURE_BOOT) {\r
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
- if (SecureBootEnable == NULL) {\r
+ GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL);\r
+ if (Pk == NULL) {\r
IfrNvData->HideSecureBoot = TRUE;\r
} else {\r
- FreePool (SecureBootEnable);\r
+ FreePool (Pk);\r
IfrNvData->HideSecureBoot = FALSE;\r
}\r
Value->b = IfrNvData->HideSecureBoot;\r