]>
Commit | Line | Data |
---|---|---|
d6bee54c KQ |
1 | /** @file\r |
2 | Provides an abstracted interface for configuring PK related variable protection.\r | |
3 | \r | |
4 | Copyright (c) Microsoft Corporation.\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | **/\r | |
8 | #include <Uefi.h>\r | |
9 | #include <Protocol/VariablePolicy.h>\r | |
10 | \r | |
11 | #include <Library/DebugLib.h>\r | |
12 | #include <Library/UefiBootServicesTableLib.h>\r | |
13 | \r | |
14 | /**\r | |
15 | Disable any applicable protection against variable 'PK'. The implementation\r | |
16 | of this interface is platform specific, depending on the protection techniques\r | |
17 | used per platform.\r | |
18 | \r | |
19 | Note: It is the platform's responsibility to conduct cautious operation after\r | |
20 | disabling this protection.\r | |
21 | \r | |
22 | @retval EFI_SUCCESS State has been successfully updated.\r | |
23 | @retval Others Error returned from implementation specific\r | |
24 | underying APIs.\r | |
25 | \r | |
26 | **/\r | |
27 | EFI_STATUS\r | |
28 | EFIAPI\r | |
29 | DisablePKProtection (\r | |
30 | VOID\r | |
31 | )\r | |
32 | {\r | |
33 | EFI_STATUS Status;\r | |
34 | EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;\r | |
35 | \r | |
36 | DEBUG ((DEBUG_INFO, "%a() Entry...\n", __FUNCTION__));\r | |
37 | \r | |
38 | // IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled.\r | |
39 | // The system *MUST* be reset after performing this operation.\r | |
40 | Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);\r | |
41 | if (!EFI_ERROR (Status)) {\r | |
42 | Status = VariablePolicy->DisableVariablePolicy ();\r | |
43 | // EFI_ALREADY_STARTED means that everything is currently disabled.\r | |
44 | // This should be considered SUCCESS.\r | |
45 | if (Status == EFI_ALREADY_STARTED) {\r | |
46 | Status = EFI_SUCCESS;\r | |
47 | }\r | |
48 | }\r | |
49 | \r | |
50 | return Status;\r | |
51 | }\r |