From: Star Zeng <star.zeng@intel.com>
Date: Mon, 2 Feb 2015 03:18:10 +0000 (+0000)
Subject: SecurityPkg Variable: Before EndOfDxe, just record the current boot VarErrorFlag... 
X-Git-Tag: edk2-stable201903~10386
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=c4b5cc4318f80e025196fb8fc2795184e1451661

SecurityPkg Variable: Before EndOfDxe, just record the current boot VarErrorFlag to local variable.

And leave the variable error flag in NV flash as the last boot variable error flag.
After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
will be initialized to this local current boot variable error flag.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16685 6f19259b-4bc3-4df7-8a09-765794883524
---

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 7a42d971e0..83d69899f7 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -58,7 +58,10 @@ BOOLEAN                mEndOfDxe              = FALSE;
 ///
 BOOLEAN                mEnableLocking         = TRUE;
 
-/**
+//
+// It will record the current boot error flag before EndOfDxe.
+//
+VAR_ERROR_FLAG         mCurrentBootVarErrFlag = VAR_ERROR_FLAG_NO_ERROR;
 
   SecureBoot Hook for auth variable update.
 
@@ -579,6 +582,17 @@ RecordVarErrorFlag (
     }
   );
 
+  if (!mEndOfDxe) {
+    //
+    // Before EndOfDxe, just record the current boot variable error flag to local variable,
+    // and leave the variable error flag in NV flash as the last boot variable error flag.
+    // After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
+    // will be initialized to this local current boot variable error flag.
+    //
+    mCurrentBootVarErrFlag &= Flag;
+    return;
+  }
+
   //
   // Record error flag (it should have be initialized).
   //
@@ -637,7 +651,7 @@ InitializeVarErrorFlag (
     return;
   }
 
-  Flag = VAR_ERROR_FLAG_NO_ERROR;
+  Flag = mCurrentBootVarErrFlag;
   DEBUG ((EFI_D_INFO, "Initialize variable error flag (%02x)\n", Flag));
 
   Status = FindVariable (