authorsfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-07-05 08:08:12 +0000
committersfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524>2012-07-05 08:08:12 +0000
commit8f8ca22e594e3a6c313f725fbc7e2b20d75c79fd (patch)
tree7ff3a01251e6922c56612e83c6d39a4264f205bb /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe
parentb37aa2c645ff7e9c2209fe325f6078813ff462cd (diff)
1. Reset system when user changes secure boot state in secure boot configuration form.
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/SecureBootConfigDxe')
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr2
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c22
2 files changed, 16 insertions, 8 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
index 22c03c1..4e79063 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
@@ -51,7 +51,7 @@ formset
questionid = KEY_SECURE_BOOT_ENABLE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
- flags = INTERACTIVE,
+ flags = INTERACTIVE | RESET_REQUIRED,
endcheckbox;
endif;
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index 0a08479..26fc09d 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -2069,27 +2069,25 @@ SecureBootExtractConfigFromVariable (
{
UINT8 *SecureBootEnable;
UINT8 *SetupMode;
+ UINT8 *SecureBoot;
UINT8 *SecureBootMode;
SecureBootEnable = NULL;
SetupMode = NULL;
+ SecureBoot = NULL;
SecureBootMode = NULL;
//
- // Get the SecureBootEnable Variable
- //
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
-
- //
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
// Checkbox.
//
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (SecureBootEnable == NULL) {
ConfigData->HideSecureBoot = TRUE;
} else {
ConfigData->HideSecureBoot = FALSE;
- ConfigData->SecureBootState = *SecureBootEnable;
}
+
//
// If it is Physical Presence User, set the PhysicalPresent to true.
//
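Review bot: The added `GetVariable2` call for `SecureBootEnable` discards its return status, so any failure, not only a missing variable, leaves the pointer NULL and sets `HideSecureBoot` to TRUE. Capturing the status and treating only `EFI_NOT_FOUND` as "variable absent" would keep an allocation or read failure from silently removing the Secure Boot control from the form. `GetVariable2` also hands back a pool buffer the caller must release, and after this change `SecureBootEnable` is only tested for NULL, so it can be released right after the test with `if (SecureBootEnable != NULL) { FreePool (SecureBootEnable); }`, provided the tail of the function does not already free it. The same ownership question applies to the new `SecureBoot` buffer read in the next hunk. The function body starts and ends outside this hunk, so the existing cleanup is not visible here.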
@@ -2103,11 +2101,21 @@ SecureBootExtractConfigFromVariable (
// If there is no PK then the Delete Pk button will be gray.
//
GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
- if (SetupMode == NULL || (*SetupMode) == 1) {
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
ConfigData->HasPk = FALSE;
} else {
ConfigData->HasPk = TRUE;
}
+
+ //
+ // If the value of SecureBoot variable is 1, the platform is operating in secure boot mode.
+ //
+ GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
+ if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
+ ConfigData->SecureBootState = TRUE;
+ } else {
+ ConfigData->SecureBootState = FALSE;
+ }
//
// Get the SecureBootMode from CustomMode variable.
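Review bot: The comment above the new `SecureBoot` read does not explain that `SecureBootState` now comes from a different variable than the one the checkbox visibility is based on. I would extend it to something like `// SecureBoot reports whether the current boot is enforcing secure boot; SecureBootEnable holds the requested setting, so the two may differ until the next reset.` (the second half is inferred from the commit message, so confirm the wording against the write path). The same comment should state that a missing or unreadable `SecureBoot` variable is displayed as disabled, since that is what the `else` branch does. The dereference `*SecureBoot` relies on the variable being at least one byte because the size argument is `NULL`; passing a `UINTN` size and checking it against `sizeof (UINT8)` would make that assumption explicit. The function body continues outside the hunk.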