Revision: 14375
          http://edk2.svn.sourceforge.net/edk2/?rev=14375&view=rev
Author:   sfu5
Date:     2013-05-17 08:05:01 +0000 (Fri, 17 May 2013)
Log Message:
-----------
Fix a bug where the "SecureBoot" variable is incorrectly updated with the 
NV+AT attributes.
Signed-off-by: Fu Siyuan <[email protected]>
Reviewed-by: Ni Ruiyu <[email protected]>
Reviewed-by: Dong Guo <[email protected]>

Modified Paths:
--------------
    
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
    
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
    trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c

Modified: 
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
===================================================================
--- 
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
    2013-05-17 07:36:14 UTC (rev 14374)
+++ 
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
    2013-05-17 08:05:01 UTC (rev 14375)
@@ -1348,53 +1348,6 @@
 }
 
 /**
-  When VariableWriteArchProtocol install, create "SecureBoot" variable.
-
-  @param[in] Event    Event whose notification function is being invoked.
-  @param[in] Context  Pointer to the notification function's context.
-
-**/
-VOID
-EFIAPI
-VariableWriteCallBack (
-  IN  EFI_EVENT                           Event,
-  IN  VOID                                *Context
-  )
-{
-  UINT8                       SecureBootMode;
-  UINT8                       *SecureBootModePtr;
-  EFI_STATUS                  Status;
-  VOID                        *ProtocolPointer;
-
-  Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, 
&ProtocolPointer);
-  if (EFI_ERROR (Status)) {
-    return;
-  }
-
-  //
-  // Check whether "SecureBoot" variable exists.
-  // If this library is built-in, it means firmware has capability to perform
-  // driver signing verification.
-  //
-  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, 
(VOID**)&SecureBootModePtr, NULL);
-  if (SecureBootModePtr == NULL) {
-    SecureBootMode   = SECURE_BOOT_MODE_DISABLE;
-    //
-    // Authenticated variable driver will update "SecureBoot" depending on 
SetupMode variable.
-    //
-    gRT->SetVariable (
-           EFI_SECURE_BOOT_MODE_NAME,
-           &gEfiGlobalVariableGuid,
-           EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | 
EFI_VARIABLE_NON_VOLATILE,
-           sizeof (UINT8),
-           &SecureBootMode
-           );
-  } else {
-    FreePool (SecureBootModePtr);
-  }
-}
-
-/**
   Register security measurement handler.
 
   @param  ImageHandle   ImageHandle of the loaded driver.
@@ -1409,19 +1362,6 @@
   IN EFI_SYSTEM_TABLE  *SystemTable
   )
 {
-  VOID                *Registration;
-
-  //
-  // Register callback function upon VariableWriteArchProtocol.
-  //
-  EfiCreateProtocolNotifyEvent (
-    &gEfiVariableWriteArchProtocolGuid,
-    TPL_CALLBACK,
-    VariableWriteCallBack,
-    NULL,
-    &Registration
-    );
-
   return RegisterSecurity2Handler (
           DxeImageVerificationHandler,
           EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED

Modified: 
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
===================================================================
--- 
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
  2013-05-17 07:36:14 UTC (rev 14374)
+++ 
trunk/edk2/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
  2013-05-17 08:05:01 UTC (rev 14375)
@@ -7,7 +7,7 @@
 #  This external input must be validated carefully to avoid security issue like
 #  buffer overflow, integer overflow.
 #
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD 
License
 # which accompanies this distribution. The full text of the license may be 
found at
@@ -59,7 +59,6 @@
   gEfiFirmwareVolume2ProtocolGuid
   gEfiBlockIoProtocolGuid
   gEfiSimpleFileSystemProtocolGuid
-  gEfiVariableWriteArchProtocolGuid
   
 [Guids]
   gEfiCertTypeRsa2048Sha256Guid

Modified: trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
===================================================================
--- trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c       
2013-05-17 07:36:14 UTC (rev 14374)
+++ trunk/edk2/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c       
2013-05-17 08:05:01 UTC (rev 14375)
@@ -675,7 +675,6 @@
 {
   EFI_STATUS              Status;
   VARIABLE_POINTER_TRACK  Variable;
-  UINT32                  VarAttr;
   UINT8                   SecureBootMode;
   UINT8                   SecureBootEnable;
   UINTN                   VariableDataSize;
@@ -736,13 +735,12 @@
     }
   }
 
-  VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | 
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
   Status  = UpdateVariable (
               EFI_SECURE_BOOT_MODE_NAME,
               &gEfiGlobalVariableGuid,
               &SecureBootMode,
               sizeof(UINT8),
-              VarAttr,
+              EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
               0,
               0,
               &Variable,
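Review bot: Platforms that already booted rev 14374 or earlier may still hold a "SecureBoot" entry created with the old non-volatile (and AT) attributes, and the `UpdateVariable` call now passes a different attribute set for the same name and GUID. How `UpdateVariable` treats an existing entry whose attributes differ is not visible in this hunk, so it is worth confirming that the stale NV copy is deleted or replaced rather than making the update fail or leaving a persisted value that is later read as the Secure Boot state. The call would also benefit from a comment recording the intent, for example `// "SecureBoot" is volatile (BS+RT only): recomputed on every boot, never stored in NV or written as an authenticated variable.`, so the NV/AT bits are not reintroduced. The enclosing function starts and ends outside the hunk, so whether `Status` is checked after the call cannot be seen here.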
