From: Michael D Kinney Date: Wed, 6 Jan 2021 03:48:55 +0000 (-0800) Subject: MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM X-Git-Tag: edk2-stable202102~214 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=248d08c5983b561549891fec54c213e1f354179c MdeModulePkg/Library/VarCheckLib: Allow SetVariable from SMM REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3154 Update VarCheckLibSetVariableCheck() to allow locked variables to be updated if the RequestSource is VarCheckFromTrusted even if one or more variable check handlers return EFI_WRITE_PROTECTED. RequestSource is only set to VarCheckFromTrusted if the request is through the EFI_SMM_VARAIBLE_PROTOCOL. Cc: Bret Barkelew Cc: Hao A Wu Cc: Liming Gao Signed-off-by: Michael D Kinney Reviewed-by: Bret Barkelew Reviewed-by: Hao A Wu --- diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c index 470d782444..9596d760e9 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c @@ -1,7 +1,7 @@ /** @file Implementation functions and structures for var check services. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -655,6 +655,13 @@ VarCheckLibSetVariableCheck ( DataSize, Data ); + if (Status == EFI_WRITE_PROTECTED && RequestSource == VarCheckFromTrusted) { + // + // If RequestSource is trusted, then allow variable to be set even if it + // is write protected. + // + continue; + } if (EFI_ERROR (Status)) { DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName)); return Status;