]> git.proxmox.com Git - mirror_edk2.git/blobdiff - SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute incorrectly.
[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.c
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 5bc29cf1458864a00ea0ccc8dd79419d51ddf4c2..9e4bf8681b959a12bbe5906c4647e534a67eceaa 100644 (file)
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1347,53 +1347,6 @@ Done:
   return Status;\r
 }\r
 \r
-/**\r
-  When VariableWriteArchProtocol install, create "SecureBoot" variable.\r
-\r
-  @param[in] Event    Event whose notification function is being invoked.\r
-  @param[in] Context  Pointer to the notification function's context.\r
-\r
-**/\r
-VOID\r
-EFIAPI\r
-VariableWriteCallBack (\r
-  IN  EFI_EVENT                           Event,\r
-  IN  VOID                                *Context\r
-  )\r
-{\r
-  UINT8                       SecureBootMode;\r
-  UINT8                       *SecureBootModePtr;\r
-  EFI_STATUS                  Status;\r
-  VOID                        *ProtocolPointer;\r
-\r
-  Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);\r
-  if (EFI_ERROR (Status)) {\r
-    return;\r
-  }\r
-\r
-  //\r
-  // Check whether "SecureBoot" variable exists.\r
-  // If this library is built-in, it means firmware has capability to perform\r
-  // driver signing verification.\r
-  //\r
-  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);\r
-  if (SecureBootModePtr == NULL) {\r
-    SecureBootMode   = SECURE_BOOT_MODE_DISABLE;\r
-    //\r
-    // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.\r
-    //\r
-    gRT->SetVariable (\r
-           EFI_SECURE_BOOT_MODE_NAME,\r
-           &gEfiGlobalVariableGuid,\r
-           EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
-           sizeof (UINT8),\r
-           &SecureBootMode\r
-           );\r
-  } else {\r
-    FreePool (SecureBootModePtr);\r
-  }\r
-}\r
-\r
 /**\r
   Register security measurement handler.\r
 \r
@@ -1409,19 +1362,6 @@ DxeImageVerificationLibConstructor (
   IN EFI_SYSTEM_TABLE  *SystemTable\r
   )\r
 {\r
-  VOID                *Registration;\r
-\r
-  //\r
-  // Register callback function upon VariableWriteArchProtocol.\r
-  //\r
-  EfiCreateProtocolNotifyEvent (\r
-    &gEfiVariableWriteArchProtocolGuid,\r
-    TPL_CALLBACK,\r
-    VariableWriteCallBack,\r
-    NULL,\r
-    &Registration\r
-    );\r
-\r
   return RegisterSecurity2Handler (\r
           DxeImageVerificationHandler,\r
           EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
EFI Development Kit II mirror for PVE