Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-05-02 09:36:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

efi_loader: secure boot flag

Browse source 
In audit mode the UEFI variable SecureBoot is set to zero but the
efi_secure_boot flag is set to true.

The efi_secure_boot flag should match the UEFIvariable SecureBoot.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
Heinrich Schuchardt 2020-07-05 02:29:50 +02:00
parent 55a830560e
commit 198bf6418e
1 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/efi_loader/efi_variable.c
View file

@ -190,6 +190,8 @@ static efi_status_t efi_set_secure_state(u8 secure_boot, u8 setup_mode,
const u32 attributes_rw = EFI_VARIABLE_BOOTSERVICE_ACCESS | const u32 attributes_rw = EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS; EFI_VARIABLE_RUNTIME_ACCESS;
efi_secure_boot = secure_boot;
ret = efi_set_variable_int(L"SecureBoot", &efi_global_variable_guid, ret = efi_set_variable_int(L"SecureBoot", &efi_global_variable_guid,
attributes_ro, sizeof(secure_boot), attributes_ro, sizeof(secure_boot),
&secure_boot, false); &secure_boot, false);
@ -240,8 +242,6 @@ static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
ret = efi_set_secure_state(1, 0, 0, 1); ret = efi_set_secure_state(1, 0, 0, 1);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
efi_secure_boot = true;
} else if (mode == EFI_MODE_AUDIT) { } else if (mode == EFI_MODE_AUDIT) {
ret = efi_set_variable_int(L"PK", &efi_global_variable_guid, ret = efi_set_variable_int(L"PK", &efi_global_variable_guid,
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS |
@ -253,14 +253,10 @@ static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
ret = efi_set_secure_state(0, 1, 1, 0); ret = efi_set_secure_state(0, 1, 1, 0);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
efi_secure_boot = true;
} else if (mode == EFI_MODE_USER) { } else if (mode == EFI_MODE_USER) {
ret = efi_set_secure_state(1, 0, 0, 0); ret = efi_set_secure_state(1, 0, 0, 0);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
efi_secure_boot = true;
} else if (mode == EFI_MODE_SETUP) { } else if (mode == EFI_MODE_SETUP) {
ret = efi_set_secure_state(0, 1, 0, 0); ret = efi_set_secure_state(0, 1, 0, 0);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)