From: Nickle Wang <nickle.wang@hpe.com>
To: edk2-devel@lists.01.org
Cc: chao.b.zhang@intel.com, jiewen.yao@intel.com,
Nickle Wang <nickle.wang@hpe.com>,
cinnamon shia <cinnamon.shia@hpe.com>
Subject: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.
Date: Tue, 29 May 2018 20:08:25 +0800 [thread overview]
Message-ID: <20180529120825.9044-1-nickle.wang@hpe.com> (raw)
Check the return value of HiiGetBrowserData() before calling HiiSetBrowserData(). HiiGetBrowserData() failed to retrieve NV data during action EFI_BROWSER_ACTION_RETRIEVE. If NV data is invalid, stop sending it to form browser.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Nickle Wang <nickle.wang@hpe.com>
Signed-off-by: cinnamon shia <cinnamon.shia@hpe.com>
---
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index e3066f7..6123b56 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -2,6 +2,7 @@
HII Config Access protocol implementation of SecureBoot configuration module.
Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -4319,6 +4320,7 @@ SecureBootCallback (
UINTN NameLength;
UINT16 *FilePostFix;
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ BOOLEAN GetBrowserDataResult;
Status = EFI_SUCCESS;
SecureBootEnable = NULL;
@@ -4343,7 +4345,7 @@ SecureBootCallback (
return EFI_OUT_OF_RESOURCES;
}
- HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
+ GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
if (QuestionId == KEY_SECURE_BOOT_MODE) {
@@ -4889,7 +4891,7 @@ SecureBootCallback (
EXIT:
- if (!EFI_ERROR (Status)) {
+ if (!EFI_ERROR (Status) && GetBrowserDataResult) {
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
}
--
2.5.1.windows.1
next reply other threads:[~2018-05-29 12:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-29 12:08 Nickle Wang [this message]
2018-06-04 14:17 ` [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue Zhang, Chao B
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180529120825.9044-1-nickle.wang@hpe.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox