SecurityPkg Variable: Before EndOfDxe, just record the current boot VarErrorFlag...

[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / Variable.c

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 7a42d971e0caf191ce193cb43bd33045dcfca032..83d69899f705e936e6b4c27a1230bbf83c529adf 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -58,7 +58,10 @@ BOOLEAN                mEndOfDxe              = FALSE;
 ///\r
 BOOLEAN                mEnableLocking         = TRUE;\r
 \r
-/**\r
+//\r
+// It will record the current boot error flag before EndOfDxe.\r
+//\r
+VAR_ERROR_FLAG         mCurrentBootVarErrFlag = VAR_ERROR_FLAG_NO_ERROR;\r
 \r
   SecureBoot Hook for auth variable update.\r
 \r
@@ -579,6 +582,17 @@ RecordVarErrorFlag (
     }\r
   );\r
 \r
+  if (!mEndOfDxe) {\r
+    //\r
+    // Before EndOfDxe, just record the current boot variable error flag to local variable,\r
+    // and leave the variable error flag in NV flash as the last boot variable error flag.\r
+    // After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash\r
+    // will be initialized to this local current boot variable error flag.\r
+    //\r
+    mCurrentBootVarErrFlag &= Flag;\r
+    return;\r
+  }\r
+\r
   //\r
   // Record error flag (it should have be initialized).\r
   //\r
@@ -637,7 +651,7 @@ InitializeVarErrorFlag (
     return;\r
   }\r
 \r
-  Flag = VAR_ERROR_FLAG_NO_ERROR;\r
+  Flag = mCurrentBootVarErrFlag;\r
   DEBUG ((EFI_D_INFO, "Initialize variable error flag (%02x)\n", Flag));\r
 \r
   Status = FindVariable (\r