blob: ac18fcd7026fa453c0db198211a557b8296d8ea6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
/** @file
Provides an abstracted interface for configuring PK related variable protection.
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Uefi.h>
#include <Protocol/VariablePolicy.h>
#include <Library/DebugLib.h>
#include <Library/UefiBootServicesTableLib.h>
/**
Disable any applicable protection against variable 'PK'. The implementation
of this interface is platform specific, depending on the protection techniques
used per platform.
Note: It is the platform's responsibility to conduct cautious operation after
disabling this protection.
@retval EFI_SUCCESS State has been successfully updated.
@retval Others Error returned from implementation specific
underying APIs.
**/
EFI_STATUS
EFIAPI
DisablePKProtection (
VOID
)
{
EFI_STATUS Status;
EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
DEBUG ((DEBUG_INFO, "%a() Entry...\n", __func__));
// IMPORTANT NOTE: This operation is sticky and leaves variable protections disabled.
// The system *MUST* be reset after performing this operation.
Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);
if (!EFI_ERROR (Status)) {
Status = VariablePolicy->DisableVariablePolicy ();
// EFI_ALREADY_STARTED means that everything is currently disabled.
// This should be considered SUCCESS.
if (Status == EFI_ALREADY_STARTED) {
Status = EFI_SUCCESS;
}
}
return Status;
}
|