X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.c;h=7bc3cc0ec037fb2665f4542cc9b75c38449f4802;hp=dab35d5f6c2edfb4e0a6a36bbc2fd6f138d0edb4;hb=beda2356f5128efa4461046f882b6516ece6afc7;hpb=23491d5cc2c8e732c779f7e30db12a62a2a816c3

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index dab35d5f6c..7bc3cc0ec0 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1117,7 +1117,6 @@ DxeImageVerificationHandler (
   IN  VOID                             *FileBuffer,
   IN  UINTN                            FileSize
   )
-
 {
   EFI_STATUS                  Status;
   UINT16                      Magic;
@@ -1130,6 +1129,7 @@ DxeImageVerificationHandler (
   EFI_IMAGE_EXECUTION_ACTION  Action;
   WIN_CERTIFICATE             *WinCertificate;
   UINT32                      Policy;
+  UINT8                       *SecureBootEnable;
 
   if (File == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -1173,6 +1173,23 @@ DxeImageVerificationHandler (
   } else if (Policy == NEVER_EXECUTE) {
     return EFI_ACCESS_DENIED;
   }
+
+  SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
+  //
+  // Skip verification if SecureBootEnable variable doesn't exist.
+  //
+  if (SecureBootEnable == NULL) {
+    return EFI_SUCCESS;
+  }
+
+  //
+  // Skip verification if SecureBootEnable is disabled.
+  //
+  if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
+    FreePool (SecureBootEnable);
+    return EFI_SUCCESS;
+  }    
+ 
   SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);
 
   //