From: Min M Xu <min.m.xu@...>
OvmfPkg/Library/NvVarsFileLib allows loading variables into emulated
varstore from an on-disk NvVars file. We can't allow that when secure
boot is active. So check secure-boot feature and shortcut the
ConnectNvVarsToFileSystem() function when sb is enabled.
Cc: Erdem Aktas <erdemaktas@...>
Cc: James Bottomley <jejb@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Tom Lendacky <thomas.lendacky@...>
Cc: Gerd Hoffmann <kraxel@...>
Suggested-by: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>
---
OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
index 21b71524ea48..72289da35819 100644
--- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
+++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
@@ -28,6 +28,12 @@ ConnectNvVarsToFileSystem (
IN EFI_HANDLE FsHandle
)
{
+ #ifdef SECURE_BOOT_FEATURE_ENABLED
+
+ return EFI_UNSUPPORTED;
+
+ #else
+
EFI_STATUS Status;
//
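Review bot: The guard at the top of ConnectNvVarsToFileSystem() is a build-time test (`#ifdef SECURE_BOOT_FEATURE_ENABLED`), while the commit message speaks of secure boot being "active", so a comment above the `#ifdef` should say that the NvVars file is refused whenever the firmware is built with the secure-boot feature, regardless of runtime state. The diffstat shows only NvVarsFileLib.c changing, so please confirm that the macro is defined for this library in every platform build that enables secure boot; if it is not, the check compiles out silently and the on-disk file is still loaded. A DEBUG message before `return EFI_UNSUPPORTED;` would also make the skipped load visible in the firmware log.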
@@ -46,6 +52,7 @@ ConnectNvVarsToFileSystem (
}
return Status;
+ #endif
}
/**
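Review bot: The `#endif` just before the closing brace has no trailing comment, and its matching `#ifdef` sits in a different hunk at the top of the function, so a reader of the function tail cannot tell what it closes. Suggest `#endif // SECURE_BOOT_FEATURE_ENABLED`. Since the whole body, including `return Status;`, now lives in the `#else` branch, it is also worth checking that the function's header comment lists EFI_UNSUPPORTED as a possible return value.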
--
2.29.2.windows.2