Re: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: Nickle Wang <nickle.wang@hpe.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
	cinnamon shia <cinnamon.shia@hpe.com>
Subject: Re: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.
Date: Mon, 4 Jun 2018 14:17:59 +0000	[thread overview]
Message-ID: <FF72C7E4248F3C4E9BDF19D4918E90F2497ECBBB@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <20180529120825.9044-1-nickle.wang@hpe.com>

Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

-----Original Message-----
From: Nickle Wang [mailto:nickle.wang@hpe.com] 
Sent: Tuesday, May 29, 2018 8:08 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Nickle Wang <nickle.wang@hpe.com>; cinnamon shia <cinnamon.shia@hpe.com>
Subject: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.

Check the return value of HiiGetBrowserData() before calling HiiSetBrowserData(). HiiGetBrowserData() failed to retrieve NV data during action EFI_BROWSER_ACTION_RETRIEVE. If NV data is invalid, stop sending it to form browser.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Nickle Wang <nickle.wang@hpe.com>
Signed-off-by: cinnamon shia <cinnamon.shia@hpe.com>
---
 .../SecureBootConfigDxe/SecureBootConfigImpl.c                      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index e3066f7..6123b56 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo
+++ nfigImpl.c
@@ -2,6 +2,7 @@
   HII Config Access protocol implementation of SecureBoot configuration module.
 
 Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
 This program and the accompanying materials  are licensed and made available under the terms and conditions of the BSD License  which accompanies this distribution.  The full text of the license may be found at @@ -4319,6 +4320,7 @@ SecureBootCallback (
   UINTN                           NameLength;
   UINT16                          *FilePostFix;
   SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData;
+  BOOLEAN                         GetBrowserDataResult;
 
   Status           = EFI_SUCCESS;
   SecureBootEnable = NULL;
@@ -4343,7 +4345,7 @@ SecureBootCallback (
     return EFI_OUT_OF_RESOURCES;
   }
 
-  HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
+  GetBrowserDataResult = HiiGetBrowserData 
+ (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, 
+ (UINT8 *) IfrNvData);
 
   if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
     if (QuestionId == KEY_SECURE_BOOT_MODE) { @@ -4889,7 +4891,7 @@ SecureBootCallback (
 
 EXIT:
 
-  if (!EFI_ERROR (Status)) {
+  if (!EFI_ERROR (Status) && GetBrowserDataResult) {
     BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
     HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
   }
--
2.5.1.windows.1

     prev parent reply	other threads:[~2018-06-04 14:18 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-29 12:08 [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue Nickle Wang
2018-06-04 14:17 ` Zhang, Chao B [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=FF72C7E4248F3C4E9BDF19D4918E90F2497ECBBB@shsmsx102.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox