SecurityPkg Variable: Make PK & SecureBootMode consistent

[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / AuthService.c

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index b48129135fd3f8c1cdfcc539a10208035a611f3c..36d447027d89c4d7fdd21ae20a444eba96e6ccc4 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -277,7 +277,25 @@ AutenticatedVariableServiceInitialize (
   SecureBootEnable = SECURE_BOOT_DISABLE;\r
   FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r
   if (Variable.CurrPtr != NULL) {\r
-    SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+    if (mPlatformMode == SETUP_MODE){\r
+      //\r
+      // PK is cleared in runtime. "SecureBootMode" is not updated before reboot \r
+      // Delete "SecureBootMode" in SetupMode\r
+      //\r
+      Status = UpdateVariable (\r
+                 EFI_SECURE_BOOT_ENABLE_NAME,\r
+                 &gEfiSecureBootEnableDisableGuid,\r
+                 &SecureBootEnable,\r
+                 0,\r
+                 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+                 0,\r
+                 0,\r
+                 &Variable,\r
+                 NULL\r
+                 );\r
+    } else {\r
+      SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+    }\r
   } else if (mPlatformMode == USER_MODE) {\r
     //\r
     // "SecureBootEnable" not exist, initialize it in USER_MODE.\r