]> git.proxmox.com Git - mirror_edk2.git/blobdiff - SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
MdeModulePkg/SecurityPkg Variable: If a preexisting variable is rewritten with differ...
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / Variable.c
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index ef123d2d5c38d0fb6988f1672ef514c2c809de5d..53ef092aff951d9eebf3e676c229dca39c2f2bd9 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2831,6 +2831,16 @@ VariableServiceSetVariable (
       Status = EFI_WRITE_PROTECTED;\r
       goto Done;\r
     }\r
+    if (Attributes != 0 && (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Variable.CurrPtr->Attributes) {\r
+      //\r
+      // If a preexisting variable is rewritten with different attributes, SetVariable() shall not\r
+      // modify the variable and shall return EFI_INVALID_PARAMETER. Two exceptions to this rule:\r
+      // 1. No access attributes specified\r
+      // 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE\r
+      //\r
+      Status = EFI_INVALID_PARAMETER;\r
+      goto Done;\r
+    }\r
   }\r
   \r
   //\r
EFI Development Kit II mirror for PVE