[PATCH 3/3] efi_loader: handle EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Apr 3 17:36:38 CEST 2024


On Wed, 3 Apr 2024 at 18:34, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> We don't yet support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS for file
> based variables, but we should pass it to TEE based variable stores.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
>  include/efi.h                 | 3 ++-
>  lib/efi_loader/efi_variable.c | 8 ++++++--
>  2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/include/efi.h b/include/efi.h
> index 62cfb993d2e..c3c4b93f860 100644
> --- a/include/efi.h
> +++ b/include/efi.h
> @@ -507,7 +507,8 @@ extern char _binary_u_boot_bin_start[], _binary_u_boot_bin_end[];
>                                 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
>                                 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
>                                 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
> -                               EFI_VARIABLE_APPEND_WRITE)
> +                               EFI_VARIABLE_APPEND_WRITE | \
> +                               EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)
>
>  /**
>   * efi_get_priv() - Get access to the EFI-private information
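Review bot: With EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS added to the mask at the two `+` lines, code that validates attributes against this mask no longer filters the bit for any variable backend, so rejection for file based variables rests entirely on the explicit check added to efi_set_variable_int() in lib/efi_loader/efi_variable.c. A short comment above the mask would help here, stating that the bit is admitted only so it can be passed through to TEE based stores and that every other backend has to return EFI_UNSUPPORTED itself. That keeps a later backend from accepting the attribute by accident.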
> diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
> index 48ad813d79b..e09a5e7ccb2 100644
> --- a/lib/efi_loader/efi_variable.c
> +++ b/lib/efi_loader/efi_variable.c
> @@ -235,8 +235,12 @@ efi_status_t efi_set_variable_int(const u16 *variable_name,
>         if (data_size && !data)
>                 return EFI_INVALID_PARAMETER;
>
> -       /* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated */
> -       if (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
> +       /*
> +        * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated.
> +        * We don't support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS.
> +        */
> +       if (attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
> +                         EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS))
>                 return EFI_UNSUPPORTED;
>
>         /* Make sure if runtime bit is set, boot service bit is set also */
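Review bot: The trailing backslash after `EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |` in the new `if` condition is unnecessary, because this is ordinary code and not a macro definition; drop it so the line ends with `|`. The new comment line "We don't support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS." would also be more accurate as "not supported for file based variables", matching the commit message, since the same bit is meant to be passed to TEE based stores.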
> --
> 2.43.0
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>

