From: "Abner Chang" <abner.chang@hpe.com>
To: devel@edk2.groups.io
Cc: Nickle Wang <nickle.wang@hpe.com>, Andrew Fish <afish@apple.com>,
Ray Ni <ray.ni@intel.com>
Subject: [PATCH] EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME
Date: Thu, 10 Mar 2022 13:42:25 +0800 [thread overview]
Message-ID: <20220310054225.21135-1-abner.chang@hpe.com> (raw)
Check EFI_SECURE_BOOT_MODE_NAME before setting the flags to
prohibit acquiring Redfish service credential and using Redfish
service.
Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
---
.../RedfishPlatformCredentialLib.c | 32 +++++++++----------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
index eaf9c56450..a0233a984d 100644
--- a/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
+++ b/EmulatorPkg/Library/RedfishPlatformCredentialLib/RedfishPlatformCredentialLib.c
@@ -165,6 +165,9 @@ LibStopRedfishService (
IN EDKII_REDFISH_CREDENTIAL_STOP_SERVICE_TYPE ServiceStopType
)
{
+ EFI_STATUS Status;
+ UINT8 *SecureBootVar;
+
if (ServiceStopType >= ServiceStopTypeMax) {
return EFI_INVALID_PARAMETER;
}
@@ -177,8 +180,18 @@ LibStopRedfishService (
if (!PcdGetBool (PcdRedfishServieStopIfSecureBootDisabled)) {
return EFI_UNSUPPORTED;
} else {
- mStopRedfishService = TRUE;
- DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));
+ //
+ // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.
+ //
+ Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);
+ if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {
+ //
+ // Secure Boot is disabled
+ //
+ mSecureBootDisabled = TRUE;
+ mStopRedfishService = TRUE;
+ DEBUG ((DEBUG_INFO, "EFI Redfish service is stopped due to SecureBoot is disabled!!\n"));
+ }
}
} else if (ServiceStopType == ServiceStopTypeExitBootService) {
//
@@ -224,18 +237,5 @@ LibCredentialEndOfDxeNotify (
IN EDKII_REDFISH_CREDENTIAL_PROTOCOL *This
)
{
- EFI_STATUS Status;
- UINT8 *SecureBootVar;
-
- //
- // Check Secure Boot status and lock Redfish service if Secure Boot is disabled.
- //
- Status = GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID **)&SecureBootVar, NULL);
- if (EFI_ERROR (Status) || (*SecureBootVar != SECURE_BOOT_MODE_ENABLE)) {
- //
- // Secure Boot is disabled
- //
- mSecureBootDisabled = TRUE;
- LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
- }
+ LibStopRedfishService (This, ServiceStopTypeSecureBootDisabled);
}
--
2.17.1
next reply other threads:[~2022-03-10 6:45 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-10 5:42 Abner Chang [this message]
2022-03-15 2:31 ` [PATCH] EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME Nickle Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220310054225.21135-1-abner.chang@hpe.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox