OvmfPkg: Add custom SecureBootConfigDxe that doesn't reset
[mirror_edk2.git] / SecurityPkg / Library / DxeImageVerificationLib / DxeImageVerificationLib.c
index dff4bd037141b11d3f41eb067b3759994575f609..f83e530c5c52f6d0b82774fae8eaa28c038ae3ad 100644 (file)
@@ -984,7 +984,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
           // Iterate each Signature Data Node within this CertList for verify.\r
           //\r
           RootCert      = Cert->SignatureData;\r
-          RootCertSize  = CertList->SignatureSize;\r
+          RootCertSize  = CertList->SignatureSize - sizeof (EFI_GUID);\r
 \r
           //\r
           // Call AuthenticodeVerify library to Verify Authenticode struct.\r
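Review bot: The new expression `CertList->SignatureSize - sizeof (EFI_GUID)` is unsigned, so a signature list whose SignatureSize is smaller than the owner GUID makes RootCertSize wrap to a very large value, and nothing visible in this hunk rules that out. RootCertSize is presumably passed to the AuthenticodeVerify call below as the trusted certificate length, so a malformed list could lead to a read beyond the signature database buffer. I would reject or skip the list before its entries are walked, with a guard on `CertList->SignatureSize <= sizeof (EFI_GUID)`. The enclosing loop starts and ends outside the hunk, so the placement, and whether an earlier check already covers this, need confirming against the full function.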
@@ -1254,14 +1254,13 @@ DxeImageVerificationHandler (
   UINT16                               Magic;\r
   EFI_IMAGE_DOS_HEADER                 *DosHdr;\r
   EFI_STATUS                           VerifyStatus;\r
-  UINT8                                *SetupMode;\r
   EFI_SIGNATURE_LIST                   *SignatureList;\r
   UINTN                                SignatureListSize;\r
   EFI_SIGNATURE_DATA                   *Signature;\r
   EFI_IMAGE_EXECUTION_ACTION           Action;\r
   WIN_CERTIFICATE                      *WinCertificate;\r
   UINT32                               Policy;\r
-  UINT8                                *SecureBootEnable;\r
+  UINT8                                *SecureBoot;\r
   PE_COFF_LOADER_IMAGE_CONTEXT         ImageContext;\r
   UINT32                               NumberOfRvaAndSizes;\r
   UINT32                               CertSize;\r
@@ -1309,43 +1308,22 @@ DxeImageVerificationHandler (
     return EFI_ACCESS_DENIED;\r
   }\r
 \r
-  GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
+  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);\r
   //\r
-  // Skip verification if SecureBootEnable variable doesn't exist.\r
+  // Skip verification if SecureBoot variable doesn't exist.\r
   //\r
-  if (SecureBootEnable == NULL) {\r
+  if (SecureBoot == NULL) {\r
     return EFI_SUCCESS;\r
   }\r
 \r
   //\r
-  // Skip verification if SecureBootEnable is disabled.\r
+  // Skip verification if SecureBoot is disabled.\r
   //\r
-  if (*SecureBootEnable == SECURE_BOOT_DISABLE) {\r
-    FreePool (SecureBootEnable);\r
+  if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {\r
+    FreePool (SecureBoot);\r
     return EFI_SUCCESS;\r
   }\r
-\r
-  FreePool (SecureBootEnable);\r
-\r
-  GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL);\r
-\r
-  //\r
-  // SetupMode doesn't exist means no AuthVar driver is dispatched,\r
-  // skip verification.\r
-  //\r
-  if (SetupMode == NULL) {\r
-    return EFI_SUCCESS;\r
-  }\r
-\r
-  //\r
-  // If platform is in SETUP MODE, skip verification.\r
-  //\r
-  if (*SetupMode == SETUP_MODE) {\r
-    FreePool (SetupMode);\r
-    return EFI_SUCCESS;\r
-  }\r
-\r
-  FreePool (SetupMode);\r
+  FreePool (SecureBoot);\r
 \r
   //\r
   // Read the Dos header.\r
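Review bot: The status returned by `GetEfiGlobalVariable2` is discarded, so any failure to read SecureBoot (not only an absent variable) falls into the `SecureBoot == NULL` branch and returns EFI_SUCCESS, which skips image verification. That is a fail-open path. I would keep the status in a local EFI_STATUS and skip only on EFI_NOT_FOUND, denying otherwise: `if (EFI_ERROR (Status) && Status != EFI_NOT_FOUND) { return EFI_ACCESS_DENIED; }`. SecureBoot is also declared without an initializer in the previous hunk, so the NULL test relies on the helper clearing the pointer on failure; initialising it to NULL at the declaration would remove that dependency. The comment `// Skip verification if SecureBoot variable doesn't exist.` should say why skipping is safe, as the removed SetupMode comment did (no AuthVar driver dispatched).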