From 70165fa6e2820e4a5d33737bc490b6241b9ac018 Mon Sep 17 00:00:00 2001 From: Min M Xu Date: Wed, 29 Jun 2022 10:33:09 +0800 Subject: OvmfPkg/NvVarsFileLib: Shortcut ConnectNvVarsToFileSystem in secure-boot OvmfPkg/Library/NvVarsFileLib allows loading variables into emulated varstore from a on-disk NvVars file. We can't allow that when secure boot is active. So check secure-boot feature and shortcut the ConnectNvVarsToFileSystem() function when sb is enabled. Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Suggested-by: Gerd Hoffmann Acked-by: Gerd Hoffmann Signed-off-by: Min Xu Reviewed-by: Jiewen Yao --- OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'OvmfPkg/Library/NvVarsFileLib') diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c index 21b7152..72289da 100644 --- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c +++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c @@ -28,6 +28,12 @@ ConnectNvVarsToFileSystem ( IN EFI_HANDLE FsHandle ) { + #ifdef SECURE_BOOT_FEATURE_ENABLED + + return EFI_UNSUPPORTED; + + #else + EFI_STATUS Status; // @@ -46,6 +52,7 @@ ConnectNvVarsToFileSystem ( } return Status; + #endif } /** -- cgit v1.1