Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup...
index fc23bb52123fb3f3b37f62e46f5b2fd8cc97dcad..ff5c6539125af152a47bedfaf276107c492fec22 100644 (file)
@@ -69,11 +69,15 @@ AutenticatedVariableServiceInitialize (
 {\r
   EFI_STATUS              Status;\r
   VARIABLE_POINTER_TRACK  Variable;\r
+  VARIABLE_POINTER_TRACK  Variable2;\r
   UINT8                   VarValue;\r
   UINT32                  VarAttr;\r
   UINT8                   *Data;\r
   UINTN                   DataSize;\r
   UINTN                   CtxSize;\r
+  UINT8                   SecureBootMode;\r
+  UINT8                   SecureBootEnable;\r
+  \r
   //\r
   // Initialize hash context.\r
   //\r
@@ -146,10 +150,10 @@ AutenticatedVariableServiceInitialize (
     Status = FindVariable (\r
                EFI_PLATFORM_KEY_NAME, \r
                &gEfiGlobalVariableGuid, \r
-               &Variable, \r
+               &Variable2\r
                &mVariableModuleGlobal->VariableGlobal\r
                );\r
-    if (Variable.CurrPtr == NULL) {\r
+    if (Variable2.CurrPtr == NULL) {\r
       mPlatformMode = SETUP_MODE;\r
     } else {\r
       mPlatformMode = USER_MODE;\r
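Review bot: The `&Variable2` argument line is missing its trailing comma, so the call now reads `&Variable2 &mVariableModuleGlobal->VariableGlobal` as one bitwise-and expression and `FindVariable` is invoked with three arguments; this hunk does not compile. The line should be `&Variable2,` to match the original `&Variable,` it replaces. Using a separate `Variable2` track for the PK lookup is otherwise fine. The body of AutenticatedVariableServiceInitialize continues on both sides of this hunk.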
@@ -184,6 +188,7 @@ AutenticatedVariableServiceInitialize (
              &mVariableModuleGlobal->VariableGlobal\r
              );\r
 \r
+\r
   if (Variable.CurrPtr == NULL) {\r
     VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
     Status  = UpdateVariable (\r
@@ -198,7 +203,37 @@ AutenticatedVariableServiceInitialize (
                 NULL\r
                 );\r
   }\r
-  \r
+\r
+  //\r
+  // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
+  // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
+  // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
+  //\r
+  FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);\r
+  if (Variable.CurrPtr != NULL) {\r
+    SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r
+    if (SecureBootEnable == SECURE_BOOT_ENABLE) {\r
+      SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
+    } else {\r
+      SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
+    }\r
+    FindVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);\r
+    Status = UpdateVariable (\r
+               EFI_SECURE_BOOT_MODE_NAME, \r
+               &gEfiGlobalVariableGuid, \r
+               &SecureBootMode, \r
+               sizeof(UINT8), \r
+               EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, \r
+               0, \r
+               0, \r
+               &Variable,\r
+               NULL\r
+               );\r
+    if (EFI_ERROR (Status)) {\r
+      return Status;\r
+    }\r
+  }\r
+\r
   //\r
   // Detect whether a secure platform-specific method to clear PK(Platform Key)\r
   // is configured by platform owner. This method is provided for users force to clear PK \r
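Review bot: Both new `FindVariable` calls (the `EFI_SECURE_BOOT_ENABLE_NAME` lookup and the following `EFI_SECURE_BOOT_MODE_NAME` lookup) discard their return status, unlike the `Status = FindVariable (` form used elsewhere in this function, and the first data byte is then read through `GetVariableDataPtr` without confirming the stored entry holds at least one byte. I would capture the status and guard the read, e.g. `if (!EFI_ERROR (Status) && Variable.CurrPtr != NULL && DataSizeOfVariable (Variable.CurrPtr) >= sizeof (SecureBootEnable)) {`, so a truncated or corrupt NV entry cannot steer `SecureBoot`. Note also that `SecureBootMode` is derived from `SecureBootEnable` alone while `mPlatformMode` (set to SETUP_MODE or USER_MODE from the PK lookup a few lines earlier in this function) is not consulted, so a stale enable flag publishes `SecureBoot` as SECURE_BOOT_MODE_ENABLE on a PK-less platform; presumably the intended condition is `SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE`, worth confirming. The enclosing function starts and ends outside the hunk.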
@@ -445,7 +480,9 @@ UpdatePlatformMode (
   VARIABLE_POINTER_TRACK  Variable;\r
   UINT32                  VarAttr;\r
   UINT8                   SecureBootMode;\r
-\r
+  UINT8                   SecureBootEnable;\r
+  UINTN                   VariableDataSize;\r
+  \r
   Status = FindVariable (\r
              EFI_SETUP_MODE_NAME, \r
              &gEfiGlobalVariableGuid, \r
@@ -457,7 +494,7 @@ UpdatePlatformMode (
   }\r
 \r
   mPlatformMode  = Mode;\r
-  VarAttr        = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+  VarAttr        = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
   Status         = UpdateVariable (\r
                      EFI_SETUP_MODE_NAME,\r
                      &gEfiGlobalVariableGuid,\r
@@ -501,8 +538,8 @@ UpdatePlatformMode (
     }\r
   }\r
 \r
-  VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
-  return    UpdateVariable (\r
+  VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r
+  Status  = UpdateVariable (\r
               EFI_SECURE_BOOT_MODE_NAME,\r
               &gEfiGlobalVariableGuid,\r
               &SecureBootMode,\r
@@ -513,6 +550,51 @@ UpdatePlatformMode (
               &Variable,\r
               NULL\r
               );\r
+\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  //\r
+  // Check "SecureBootEnable" variable's existence. It can enable/disable secure boot feature.\r
+  //\r
+  Status = FindVariable (\r
+             EFI_SECURE_BOOT_ENABLE_NAME, \r
+             &gEfiSecureBootEnableDisableGuid, \r
+             &Variable, \r
+             &mVariableModuleGlobal->VariableGlobal\r
+             );\r
\r
+  if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) {\r
+    //\r
+    // Create the "SecureBootEnable" variable as secure boot is enabled.\r
+    //\r
+    SecureBootEnable = SECURE_BOOT_ENABLE;\r
+    VariableDataSize = sizeof (SecureBootEnable);\r
+  } else {\r
+    //\r
+    // Delete the "SecureBootEnable" variable if this variable exist as "SecureBoot" \r
+    // variable is not in secure boot state.\r
+    //\r
+    if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {\r
+      return EFI_SUCCESS;\r
+    }\r
+    SecureBootEnable = SECURE_BOOT_DISABLE;\r
+    VariableDataSize = 0;\r
+  }\r
+  \r
+  Status = UpdateVariable (\r
+             EFI_SECURE_BOOT_ENABLE_NAME, \r
+             &gEfiSecureBootEnableDisableGuid, \r
+             &SecureBootEnable, \r
+             VariableDataSize, \r
+             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, \r
+             0, \r
+             0, \r
+             &Variable,\r
+             NULL\r
+             );\r
+  return Status;\r
 }\r
 \r
 /**\r
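Review bot: The `SecureBootEnable` variable is written at the new `UpdateVariable` call with `EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS` only — no `EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS`, in contrast to the `SecureBoot` write just above it — so any boot-services caller can set the switch that AutenticatedVariableServiceInitialize replays into `SecureBoot` on the next boot. If that is the intended trust model (a platform-private toggle for the Secure Boot Configuration page, protected only by being unreachable at runtime), the call deserves a comment stating it, e.g. `// Deliberately not authenticated: platform-private switch under gEfiSecureBootEnableDisableGuid, boot-services only.`; otherwise the attribute set should be reconsidered. Separately, the `Status` from the `EFI_SECURE_BOOT_ENABLE_NAME` lookup is only examined in the delete branch; the enable branch ignores it, so if `FindVariable` can fail for reasons other than the variable being absent, that failure still reaches `UpdateVariable` with whatever `Variable` holds, and handling such failures once ahead of the `if (SecureBootMode == SECURE_BOOT_MODE_ENABLE)` branch would keep the two paths consistent. The start of UpdatePlatformMode lies outside this hunk.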