[PATCH v2 1/6] efi_loader: stop recursion in efi_init_secure_state

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Thu Aug 26 15:48:00 CEST 2021


efi_init_secure_state() calls efi_transfer_secure_state() which may delete
variable "PK" which will result in calling efi_init_secure_state() again.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
v2:
	no change
---
 lib/efi_loader/efi_var_common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index 3d92afe2eb..654ce81f9d 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -314,11 +314,15 @@ err:
 
 efi_status_t efi_init_secure_state(void)
 {
+	static bool lock;
 	enum efi_secure_mode mode = EFI_MODE_SETUP;
 	u8 efi_vendor_keys = 0;
 	efi_uintn_t size = 0;
 	efi_status_t ret;
 
+	if (lock)
+		return EFI_SUCCESS;
+
 	ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
 				   NULL, &size, NULL, NULL);
 	if (ret == EFI_BUFFER_TOO_SMALL) {
@@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void)
 			mode = EFI_MODE_USER;
 	}
 
+	lock = true;
 	ret = efi_transfer_secure_state(mode);
+	lock = false;
 	if (ret != EFI_SUCCESS)
 		return ret;
 
-- 
2.30.2



More information about the U-Boot mailing list