return TRUE;\r
}\r
\r
+/**\r
+ This code checks if variable should be treated as read-only variable.\r
+\r
+ @param[in] VariableName Name of the Variable.\r
+ @param[in] VendorGuid GUID of the Variable.\r
+\r
+ @retval TRUE This variable is read-only variable.\r
+ @retval FALSE This variable is NOT read-only variable.\r
+ \r
+**/\r
+BOOLEAN\r
+IsReadOnlyVariable (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
+ )\r
+{\r
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) {\r
+ if ((StrCmp (VariableName, EFI_SETUP_MODE_NAME) == 0) ||\r
+ (StrCmp (VariableName, EFI_SIGNATURE_SUPPORT_NAME) == 0) ||\r
+ (StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0)) {\r
+ return TRUE;\r
+ }\r
+ }\r
+ \r
+ return FALSE;\r
+}\r
+\r
/**\r
\r
This code finds variable in storage blocks (Volatile or Non-Volatile).\r
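Review bot: The header comment on IsReadOnlyVariable describes the return values but not what the function expects of its arguments or why these three names are on the list. Both pointers are passed straight to CompareGuid and StrCmp with no NULL check, so the comment should state the precondition, e.g. `Caller must ensure VariableName and VendorGuid are not NULL.` It would also help to record the criterion for membership (SetupMode, SignatureSupport and SecureBoot look like state the firmware reports rather than values a caller may store), so later additions to the list follow the same rule. Neither parameter is written through, so `IN CONST CHAR16 *VariableName` and `IN CONST EFI_GUID *VendorGuid` would express that in the signature.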
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if (IsReadOnlyVariable (VariableName, VendorGuid)) {\r
+ return EFI_WRITE_PROTECTED;\r
+ }\r
+\r
if (DataSize != 0 && Data == NULL) {\r
return EFI_INVALID_PARAMETER;\r
}\r
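Review bot: The new early return relies on the guard just above it having rejected a NULL VariableName and VendorGuid, but only that guard's `return EFI_INVALID_PARAMETER;` is visible in this hunk. If the guard does not cover both pointers, IsReadOnlyVariable will dereference NULL. A short comment would make the ordering dependency explicit, e.g. `// Must stay after the NULL checks above: IsReadOnlyVariable dereferences both pointers.` It is also worth confirming that no firmware component updates these three variables through this entry point, since such a call would now receive EFI_WRITE_PROTECTED as well. The enclosing function starts and ends outside the hunk.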
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);\r
} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && \r
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {\r
- Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);\r
+ Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);\r
+ if (EFI_ERROR (Status)) {\r
+ Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);\r
+ }\r
} else {\r
Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);\r
}\r
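Review bot: The fallback to ProcessVarWithKek runs on any error from ProcessVarWithPk, not only on a failed signature check, so errors such as a malformed request or resource exhaustion are retried on the KEK path and the original status is overwritten. If the PK path reports a verification failure with a distinct status, the retry should be limited to it, for example `if (Status == EFI_SECURITY_VIOLATION) {`; which status that is cannot be seen from this hunk. Both calls receive `&Variable`, so it should also be confirmed that ProcessVarWithPk leaves Variable and any stored authentication state unchanged when it fails, otherwise the KEK check runs against modified state. A comment above the first call stating why a PK-signed update is accepted for the signature databases, and that KEK is the second authority tried, would make the intended trust order reviewable. The enclosing function starts and ends outside the hunk.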