mirror of
https://xff.cz/git/u-boot/
synced 2025-10-18 08:23:24 +02:00
efi_loader: efi_auth_var_type for AuditMode, DeployedMode
Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This commit is contained in:
committed by
Heinrich Schuchardt
parent
9ef82e2947
commit
b191aa429e
@@ -247,7 +247,7 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
|
||||
return EFI_WRITE_PROTECTED;
|
||||
|
||||
if (IS_ENABLED(CONFIG_EFI_VARIABLES_PRESEED)) {
|
||||
if (var_type != EFI_AUTH_VAR_NONE)
|
||||
if (var_type >= EFI_AUTH_VAR_PK)
|
||||
return EFI_WRITE_PROTECTED;
|
||||
}
|
||||
|
||||
@@ -268,7 +268,7 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
|
||||
return EFI_NOT_FOUND;
|
||||
}
|
||||
|
||||
if (var_type != EFI_AUTH_VAR_NONE) {
|
||||
if (var_type >= EFI_AUTH_VAR_PK) {
|
||||
/* authentication is mandatory */
|
||||
if (!(attributes &
|
||||
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {
|
||||
|
Reference in New Issue
Block a user