1
0
mirror of https://xff.cz/git/u-boot/ synced 2025-10-18 08:23:24 +02:00

efi_loader: efi_auth_var_type for AuditMode, DeployedMode

Writing variables AuditMode and DeployedMode serves to switch between
Secure Boot modes. Provide a separate value for these in efi_auth_var_type.

With this patch the variables will not be read from from file even if they
are marked as non-volatile by mistake.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This commit is contained in:
Heinrich Schuchardt
2021-08-26 04:30:24 +02:00
committed by Heinrich Schuchardt
parent 9ef82e2947
commit b191aa429e
3 changed files with 5 additions and 2 deletions

View File

@@ -247,7 +247,7 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
return EFI_WRITE_PROTECTED;
if (IS_ENABLED(CONFIG_EFI_VARIABLES_PRESEED)) {
if (var_type != EFI_AUTH_VAR_NONE)
if (var_type >= EFI_AUTH_VAR_PK)
return EFI_WRITE_PROTECTED;
}
@@ -268,7 +268,7 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
return EFI_NOT_FOUND;
}
if (var_type != EFI_AUTH_VAR_NONE) {
if (var_type >= EFI_AUTH_VAR_PK) {
/* authentication is mandatory */
if (!(attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {