[PATCH v2 1/6] efi_loader: stop recursion in efi_init_secure_state
AKASHI Takahiro
takahiro.akashi at linaro.org
Fri Aug 27 04:26:21 CEST 2021
Heinrich,
On Thu, Aug 26, 2021 at 03:48:00PM +0200, Heinrich Schuchardt wrote:
> efi_init_secure_state() calls efi_transfer_secure_state() which may delete
> variable "PK" which will result in calling efi_init_secure_state() again.
I don't think it is a right thing to do. So I would say nak to this version.
When I first implemented those functions, I intended to call
efi_init_secure_state() only at the system initialization.
Later on, all the transitions should be managed by efi_transfer_secure_state()
as well as its callers.
Calling efi_init_secure_state() in efi_set_variable_int() is a bad idea.
(then you see 'recursion'.)
I will explain more in your patch#5.
-Takahiro Akashi
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> v2:
> no change
> ---
> lib/efi_loader/efi_var_common.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
> index 3d92afe2eb..654ce81f9d 100644
> --- a/lib/efi_loader/efi_var_common.c
> +++ b/lib/efi_loader/efi_var_common.c
> @@ -314,11 +314,15 @@ err:
>
> efi_status_t efi_init_secure_state(void)
> {
> + static bool lock;
> enum efi_secure_mode mode = EFI_MODE_SETUP;
> u8 efi_vendor_keys = 0;
> efi_uintn_t size = 0;
> efi_status_t ret;
>
> + if (lock)
> + return EFI_SUCCESS;
> +
> ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
> NULL, &size, NULL, NULL);
> if (ret == EFI_BUFFER_TOO_SMALL) {
> @@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void)
> mode = EFI_MODE_USER;
> }
>
> + lock = true;
> ret = efi_transfer_secure_state(mode);
> + lock = false;
> if (ret != EFI_SUCCESS)
> return ret;
>
> --
> 2.30.2
>
More information about the U-Boot
mailing list