[PATCH 1/6] efi_loader: stop recursion in efi_init_secure_state
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Thu Aug 26 13:42:00 CEST 2021
efi_init_secure_state() calls efi_transfer_secure_state() which may delete
variable "PK" which will result in calling efi_init_secure_state() again.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
lib/efi_loader/efi_var_common.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index 3d92afe2eb..654ce81f9d 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -314,11 +314,15 @@ err:
efi_status_t efi_init_secure_state(void)
{
+ static bool lock;
enum efi_secure_mode mode = EFI_MODE_SETUP;
u8 efi_vendor_keys = 0;
efi_uintn_t size = 0;
efi_status_t ret;
+ if (lock)
+ return EFI_SUCCESS;
+
ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
NULL, &size, NULL, NULL);
if (ret == EFI_BUFFER_TOO_SMALL) {
@@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void)
mode = EFI_MODE_USER;
}
+ lock = true;
ret = efi_transfer_secure_state(mode);
+ lock = false;
if (ret != EFI_SUCCESS)
return ret;
--
2.30.2
More information about the U-Boot
mailing list