EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME

https://bugzilla.tianocore.org/show_bug.cgi?id=3858

Check EFI_SECURE_BOOT_MODE_NAME before setting the flags to
prohibit acquiring Redfish service credential and using Redfish
service.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Reviewed-by: Nickle Wang <nickle.wang@hpe.com>

diff --git a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
index eaf9c56450e11127981d1aa21e476a71c6b2fefb..a0233a984d622e9839da5240a6ef1364f1931a34 100644 (file)
--- a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
+++ b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
@@ -165,6 +165,9 @@ LibStopRedfishService (
   IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE  ServiceStopType\r
   )\r
 {\r
+  EFI_STATUS  Status;\r
+  UINT8       *SecureBootVar;\r
+\r
   if (ServiceStopType >= ServiceStopTypeMax) {\r
     return EFI_INVALID_PARAMETER;\r
   }\r
@@ -177,8 +180,18 @@ LibStopRedfishService (
     if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {\r
       return EFI_UNSUPPORTED;\r
     } else {\r
-      mStopRedfishService = TRUE;\r
-      DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));\r
+      //\r
+      // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.\r
+      //\r
+      Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);\r
+      if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {\r
+        //\r
+        // Secure Boot is disabled\r
+        //\r
+        mSecureBootDisabled = TRUE;\r
+        mStopRedfishService = TRUE;\r
+        DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));\r
+      }\r
     }\r
   } else if (ServiceStopType == ServiceStopTypeExitBootService) {\r
     //\r
@@ -224,18 +237,5 @@ LibCredentialEndOfDxeNotify (
   IN  EDKII_REDFISH_CREDENTIAL_PROTOCOL  *This\r
   )\r
 {\r
-  EFI_STATUS  Status;\r
-  UINT8       *SecureBootVar;\r
-\r
-  //\r
-  // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.\r
-  //\r
-  Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);\r
-  if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {\r
-    //\r
-    // Secure Boot is disabled\r
-    //\r
-    mSecureBootDisabled = TRUE;\r
-    LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
-  }\r
+  LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);\r
 }\r