]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
projects / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 55a8305)
efi_loader: secure boot flag
authorHeinrich Schuchardt <xypron.glpk@gmx.de>
Sun, 5 Jul 2020 00:29:50 +0000 (02:29 +0200)
committerHeinrich Schuchardt <xypron.glpk@gmx.de>
Sat, 11 Jul 2020 21:14:17 +0000 (23:14 +0200)
In audit mode the UEFI variable SecureBoot is set to zero but the
efi_secure_boot flag is set to true.

The efi_secure_boot flag should match the UEFIvariable SecureBoot.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
lib/efi_loader/efi_variable.c patch | blob | history

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 4bd976e44a6a5a897c5c8c4bf75e3604f1ff9754..0d6bafc76d3eeecfc2c7c7fb529e3163cc11bba7 100644 (file)
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -190,6 +190,8 @@ static efi_status_t efi_set_secure_state(u8 secure_boot, u8 setup_mode,
        const u32 attributes_rw = EFI_VARIABLE_BOOTSERVICE_ACCESS |
                                  EFI_VARIABLE_RUNTIME_ACCESS;
 
+       efi_secure_boot = secure_boot;
+
        ret = efi_set_variable_int(L"SecureBoot", &efi_global_variable_guid,
                                   attributes_ro, sizeof(secure_boot),
                                   &secure_boot, false);
@@ -240,8 +242,6 @@ static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
                ret = efi_set_secure_state(1, 0, 0, 1);
                if (ret != EFI_SUCCESS)
                        goto err;
-
-               efi_secure_boot = true;
        } else if (mode == EFI_MODE_AUDIT) {
                ret = efi_set_variable_int(L"PK", &efi_global_variable_guid,
                                           EFI_VARIABLE_BOOTSERVICE_ACCESS |
@@ -253,14 +253,10 @@ static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
                ret = efi_set_secure_state(0, 1, 1, 0);
                if (ret != EFI_SUCCESS)
                        goto err;
-
-               efi_secure_boot = true;
        } else if (mode == EFI_MODE_USER) {
                ret = efi_set_secure_state(1, 0, 0, 0);
                if (ret != EFI_SUCCESS)
                        goto err;
-
-               efi_secure_boot = true;
        } else if (mode == EFI_MODE_SETUP) {
                ret = efi_set_secure_state(0, 1, 0, 0);
                if (ret != EFI_SUCCESS)
My U-Boot fork