From: "Zhang, Chao B"
To: Nickle Wang, "edk2-devel@lists.01.org"
CC: "Yao, Jiewen", cinnamon shia
Date: Mon, 4 Jun 2018 14:17:59 +0000
In-Reply-To: <20180529120825.9044-1-nickle.wang@hpe.com>
Subject: Re: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.

Reviewed-by: Chao Zhang

-----Original Message-----
From: Nickle Wang [mailto:nickle.wang@hpe.com]
Sent: Tuesday, May 29, 2018 8:08 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Yao, Jiewen; Nickle Wang; cinnamon shia
Subject: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.

Check the return value of HiiGetBrowserData() before calling HiiSetBrowserData(). HiiGetBrowserData() failed to retrieve NV data during action EFI_BROWSER_ACTION_RETRIEVE. If NV data is invalid, stop sending it to form browser.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Nickle Wang
Signed-off-by: cinnamon shia
--- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 ++= ++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index e3066f7..6123b56 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.c @@ -2,6 +2,7 @@ HII Config Access protocol implementation of SecureBoot configuration mo= dule. =20 Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -4319,6 +4= 320,7 @@ SecureBootCallback ( UINTN NameLength; UINT16 *FilePostFix; SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + BOOLEAN GetBrowserDataResult; =20 Status =3D EFI_SUCCESS; SecureBootEnable =3D NULL; @@ -4343,7 +4345,7 @@ SecureBootCallback ( return EFI_OUT_OF_RESOURCES; } =20 - HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName= , BufferSize, (UINT8 *) IfrNvData); + GetBrowserDataResult =3D HiiGetBrowserData=20 + (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize,=20 + (UINT8 *) IfrNvData); =20 if (Action =3D=3D EFI_BROWSER_ACTION_FORM_OPEN) { if (QuestionId =3D=3D KEY_SECURE_BOOT_MODE) { @@ -4889,7 +4891,7 @@ Se= cureBootCallback ( =20 EXIT: =20 - if (!EFI_ERROR (Status)) { + if (!EFI_ERROR (Status) && GetBrowserDataResult) { BufferSize =3D sizeof (SECUREBOOT_CONFIGURATION); HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageNa= me, BufferSize, (UINT8*) IfrNvData, NULL); } -- 2.5.1.windows.1
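Review bot: In the SecureBootCallback declarations hunk (@@ -4319,6 +4320,7), GetBrowserDataResult is declared but is not given a value in the initialization lines that follow (Status = EFI_SUCCESS; SecureBootEnable = NULL;), yet it is read at EXIT. If any path can reach EXIT before the HiiGetBrowserData() assignment, the guard tests an indeterminate value. Adding GetBrowserDataResult = FALSE; next to those initializations makes "do not write back" the explicit default.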
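Review bot: In the hunk at @@ -4343,7 +4345,7, the result of HiiGetBrowserData() is stored but not acted on until EXIT, so the handlers that follow (starting with if (Action == EFI_BROWSER_ACTION_FORM_OPEN)) still run against an IfrNvData buffer the browser did not fill. Please confirm that no branch makes a decision from IfrNvData fields on that path, or skip those reads when the result is FALSE. A short comment at the call noting that FALSE is expected during EFI_BROWSER_ACTION_RETRIEVE, as the commit message states, would document the intent.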
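Review bot: At the EXIT label (@@ -4889,7 +4891,7), the new condition !EFI_ERROR (Status) && GetBrowserDataResult skips HiiSetBrowserData() silently while Status remains a success code, so nothing records that the write-back was dropped. Please add a comment above the if explaining why the buffer is not sent to the form browser when GetBrowserDataResult is FALSE, and consider a DEBUG message on that path so the condition is visible in a debug build.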