MdeModulePkg/Variable/RuntimeDxe: Modify function return status
authorchenc2 <chen.a.chen@intel.com>
Thu, 7 Dec 2017 05:38:03 +0000 (13:38 +0800)
committerZhang, Chao B <chao.b.zhang@intel.com>
Fri, 15 Dec 2017 13:56:33 +0000 (21:56 +0800)
Make VariableServiceSetVariable and VariableServiceQueryVariableInfo
functions return status following UEFI 2.7 spec.

Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c

index 969df955181e415fcd6cc90bdbcb1a69010f9927..793bdad3b92ee057668799978841691404d0699b 100644 (file)
@@ -3146,7 +3146,11 @@ VariableServiceSetVariable (
   //  Make sure if runtime bit is set, boot service bit is set also.\r
   //\r
   if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {\r
   //  Make sure if runtime bit is set, boot service bit is set also.\r
   //\r
   if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {\r
-    return EFI_INVALID_PARAMETER;\r
+    if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+      return EFI_UNSUPPORTED;\r
+    } else {\r
+      return EFI_INVALID_PARAMETER;\r
+    }\r
   } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
     if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {\r
       //\r
   } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
     if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {\r
       //\r
@@ -3169,15 +3173,16 @@ VariableServiceSetVariable (
   //\r
   if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
      && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {\r
   //\r
   if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
      && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {\r
-    return EFI_INVALID_PARAMETER;\r
+    return EFI_UNSUPPORTED;\r
   }\r
 \r
   if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {\r
   }\r
 \r
   if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {\r
-    if (DataSize < AUTHINFO_SIZE) {\r
-      //\r
-      // Try to write Authenticated Variable without AuthInfo.\r
-      //\r
-      return EFI_SECURITY_VIOLATION;\r
+    //\r
+    //  If DataSize == AUTHINFO_SIZE and then PayloadSize is 0.\r
+    //  Maybe it's the delete operation of common authenticated variable at user physical presence.\r
+    //\r
+    if (DataSize != AUTHINFO_SIZE) {\r
+      return EFI_UNSUPPORTED;\r
     }\r
     PayloadSize = DataSize - AUTHINFO_SIZE;\r
   } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {\r
     }\r
     PayloadSize = DataSize - AUTHINFO_SIZE;\r
   } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {\r
@@ -3523,6 +3528,13 @@ VariableServiceQueryVariableInfo (
     return EFI_INVALID_PARAMETER;\r
   }\r
 \r
     return EFI_INVALID_PARAMETER;\r
   }\r
 \r
+  if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+    //\r
+    //  Deprecated attribute, make this check as highest priority.\r
+    //\r
+    return EFI_UNSUPPORTED;\r
+  }\r
+\r
   if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {\r
     //\r
     // Make sure the Attributes combination is supported by the platform.\r
   if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {\r
     //\r
     // Make sure the Attributes combination is supported by the platform.\r