.../Universal/Variable/RuntimeDxe/Variable.c | 26 ++++++++++++++++------ 1 file changed, 19 insertions(+), 7 deletions(-)
Make VariableServiceSetVariable and VariableServiceQueryVariableInfo
functions return status following UEFI 2.7 spec.
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: chenc2 <chen.a.chen@intel.com>
---
.../Universal/Variable/RuntimeDxe/Variable.c | 26 ++++++++++++++++------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index f39be6b0b4..d7128fe105 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -3145,7 +3145,11 @@ VariableServiceSetVariable (
// Make sure if runtime bit is set, boot service bit is set also.
//
if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {
- return EFI_INVALID_PARAMETER;
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ return EFI_UNSUPPORTED;
+ } else {
+ return EFI_INVALID_PARAMETER;
+ }
} else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {
//
@@ -3168,15 +3172,16 @@ VariableServiceSetVariable (
//
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
&& ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {
- return EFI_INVALID_PARAMETER;
+ return EFI_UNSUPPORTED;
}
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {
- if (DataSize < AUTHINFO_SIZE) {
- //
- // Try to write Authenticated Variable without AuthInfo.
- //
- return EFI_SECURITY_VIOLATION;
+ //
+ // If DataSize == AUTHINFO_SIZE and then PayloadSize is 0.
+ // Maybe it's the delete operation of common authenticated variable at user physical presence.
+ //
+ if (DataSize != AUTHINFO_SIZE) {
+ return EFI_UNSUPPORTED;
}
PayloadSize = DataSize - AUTHINFO_SIZE;
} else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
@@ -3522,6 +3527,13 @@ VariableServiceQueryVariableInfo (
return EFI_INVALID_PARAMETER;
}
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ //
+ // Deprecated attribute, make this check as highest priority.
+ //
+ return EFI_UNSUPPORTED;
+ }
+
if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {
//
// Make sure the Attributes combination is supported by the platform.
--
2.13.2.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by : Chao Zhang <chao.b.zhang@intel.com>
-----Original Message-----
From: Chen, Chen A
Sent: Thursday, December 7, 2017 2:46 PM
To: edk2-devel@lists.01.org
Cc: Chen, Chen A <chen.a.chen@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
Subject: [PATCH] MdeModulePkg/Variable/RuntimeDxe: Modify function return status
Make VariableServiceSetVariable and VariableServiceQueryVariableInfo functions return status following UEFI 2.7 spec.
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: chenc2 <chen.a.chen@intel.com>
---
.../Universal/Variable/RuntimeDxe/Variable.c | 26 ++++++++++++++++------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index f39be6b0b4..d7128fe105 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -3145,7 +3145,11 @@ VariableServiceSetVariable (
// Make sure if runtime bit is set, boot service bit is set also.
//
if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {
- return EFI_INVALID_PARAMETER;
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ return EFI_UNSUPPORTED;
+ } else {
+ return EFI_INVALID_PARAMETER;
+ }
} else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {
//
@@ -3168,15 +3172,16 @@ VariableServiceSetVariable (
//
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
&& ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {
- return EFI_INVALID_PARAMETER;
+ return EFI_UNSUPPORTED;
}
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {
- if (DataSize < AUTHINFO_SIZE) {
- //
- // Try to write Authenticated Variable without AuthInfo.
- //
- return EFI_SECURITY_VIOLATION;
+ //
+ // If DataSize == AUTHINFO_SIZE and then PayloadSize is 0.
+ // Maybe it's the delete operation of common authenticated variable at user physical presence.
+ //
+ if (DataSize != AUTHINFO_SIZE) {
+ return EFI_UNSUPPORTED;
}
PayloadSize = DataSize - AUTHINFO_SIZE;
} else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { @@ -3522,6 +3527,13 @@ VariableServiceQueryVariableInfo (
return EFI_INVALID_PARAMETER;
}
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ //
+ // Deprecated attribute, make this check as highest priority.
+ //
+ return EFI_UNSUPPORTED;
+ }
+
if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {
//
// Make sure the Attributes combination is supported by the platform.
--
2.13.2.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2025 Red Hat, Inc.