[PATCH 3/3] efi_loader: handle EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Wed Apr 3 17:33:35 CEST 2024
We don't yet support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS for file
based variables, but we should pass it to TEE based variable stores.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
include/efi.h | 3 ++-
lib/efi_loader/efi_variable.c | 8 ++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/efi.h b/include/efi.h
index 62cfb993d2e..c3c4b93f860 100644
--- a/include/efi.h
+++ b/include/efi.h
@@ -507,7 +507,8 @@ extern char _binary_u_boot_bin_start[], _binary_u_boot_bin_end[];
EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
- EFI_VARIABLE_APPEND_WRITE)
+ EFI_VARIABLE_APPEND_WRITE | \
+ EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)
/**
* efi_get_priv() - Get access to the EFI-private information
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 48ad813d79b..e09a5e7ccb2 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -235,8 +235,12 @@ efi_status_t efi_set_variable_int(const u16 *variable_name,
if (data_size && !data)
return EFI_INVALID_PARAMETER;
- /* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated */
- if (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+ /*
+ * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated.
+ * We don't support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS.
+ */
+ if (attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
+ EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS))
return EFI_UNSUPPORTED;
/* Make sure if runtime bit is set, boot service bit is set also */
--
2.43.0
More information about the U-Boot
mailing list