MdeModulePkg: Variable: Update PCR[7] measure for new TCG spec

[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmmRuntimeDxe.c

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
index 0a076ae4675ad6167869fff58aca7c51bcbb66d4..e209d54755ef1bec8f1b47ffa2b20f0533b1915d 100644 (file)
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
@@ -13,7 +13,7 @@
 \r
   InitCommunicateBuffer() is really function to check the variable data size.\r
 \r
-Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -70,6 +70,17 @@ SecureBootHook (
   IN EFI_GUID                               *VendorGuid\r
   );\r
 \r
+/**\r
+  Some Secure Boot Policy Variable may update following other variable changes(SecureBoot follows PK change, etc).\r
+  Record their initial State when variable write service is ready.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+RecordSecureBootPolicyVarData(\r
+  VOID\r
+  );\r
+\r
 /**\r
   Acquires lock only at boot time. Simply returns at runtime.\r
 \r
@@ -1079,6 +1090,12 @@ SmmVariableWriteReady (
     return;\r
   }\r
 \r
+  //\r
+  // Some Secure Boot Policy Var (SecureBoot, etc) updates following other\r
+  // Secure Boot Policy Variable change.  Record their initial value.\r
+  //\r
+  RecordSecureBootPolicyVarData();\r
+\r
   Status = gBS->InstallProtocolInterface (\r
                   &mHandle,\r
                   &gEfiVariableWriteArchProtocolGuid,\r