X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FVariableAuthenticated%2FSecureBootConfigDxe%2FSecureBootConfigImpl.c;h=26fc09d52d2788a9d564bd97716556bda628d2b1;hp=0a08479b4b01a07ae60c70d9de843c05e1e4bef1;hb=8f8ca22e594e3a6c313f725fbc7e2b20d75c79fd;hpb=b37aa2c645ff7e9c2209fe325f6078813ff462cd diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 0a08479b4b..26fc09d52d 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -2069,27 +2069,25 @@ SecureBootExtractConfigFromVariable ( { UINT8 *SecureBootEnable; UINT8 *SetupMode; + UINT8 *SecureBoot; UINT8 *SecureBootMode; SecureBootEnable = NULL; SetupMode = NULL; + SecureBoot = NULL; SecureBootMode = NULL; - // - // Get the SecureBootEnable Variable - // - GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); - // // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable // Checkbox. // + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); if (SecureBootEnable == NULL) { ConfigData->HideSecureBoot = TRUE; } else { ConfigData->HideSecureBoot = FALSE; - ConfigData->SecureBootState = *SecureBootEnable; } + // // If it is Physical Presence User, set the PhysicalPresent to true. // @@ -2103,11 +2101,21 @@ SecureBootExtractConfigFromVariable ( // If there is no PK then the Delete Pk button will be gray. // GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); - if (SetupMode == NULL || (*SetupMode) == 1) { + if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { ConfigData->HasPk = FALSE; } else { ConfigData->HasPk = TRUE; } + + // + // If the value of SecureBoot variable is 1, the platform is operating in secure boot mode. + // + GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL); + if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) { + ConfigData->SecureBootState = TRUE; + } else { + ConfigData->SecureBootState = FALSE; + } // // Get the SecureBootMode from CustomMode variable.