.../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
Check the return value of HiiGetBrowserData() before calling HiiSetBrowserData(). HiiGetBrowserData() failed to retrieve NV data during action EFI_BROWSER_ACTION_RETRIEVE. If NV data is invalid, stop sending it to form browser.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Nickle Wang <nickle.wang@hpe.com>
Signed-off-by: cinnamon shia <cinnamon.shia@hpe.com>
---
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index e3066f7..6123b56 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -2,6 +2,7 @@
HII Config Access protocol implementation of SecureBoot configuration module.
Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -4319,6 +4320,7 @@ SecureBootCallback (
UINTN NameLength;
UINT16 *FilePostFix;
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
+ BOOLEAN GetBrowserDataResult;
Status = EFI_SUCCESS;
SecureBootEnable = NULL;
@@ -4343,7 +4345,7 @@ SecureBootCallback (
return EFI_OUT_OF_RESOURCES;
}
- HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
+ GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData);
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
if (QuestionId == KEY_SECURE_BOOT_MODE) {
@@ -4889,7 +4891,7 @@ SecureBootCallback (
EXIT:
- if (!EFI_ERROR (Status)) {
+ if (!EFI_ERROR (Status) && GetBrowserDataResult) {
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
}
--
2.5.1.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> -----Original Message----- From: Nickle Wang [mailto:nickle.wang@hpe.com] Sent: Tuesday, May 29, 2018 8:08 PM To: edk2-devel@lists.01.org Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Nickle Wang <nickle.wang@hpe.com>; cinnamon shia <cinnamon.shia@hpe.com> Subject: [PATCH] SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue. Check the return value of HiiGetBrowserData() before calling HiiSetBrowserData(). HiiGetBrowserData() failed to retrieve NV data during action EFI_BROWSER_ACTION_RETRIEVE. If NV data is invalid, stop sending it to form browser. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Nickle Wang <nickle.wang@hpe.com> Signed-off-by: cinnamon shia <cinnamon.shia@hpe.com> --- .../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index e3066f7..6123b56 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo +++ nfigImpl.c @@ -2,6 +2,7 @@ HII Config Access protocol implementation of SecureBoot configuration module. Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -4319,6 +4320,7 @@ SecureBootCallback ( UINTN NameLength; UINT16 *FilePostFix; SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + BOOLEAN GetBrowserDataResult; Status = EFI_SUCCESS; SecureBootEnable = NULL; @@ -4343,7 +4345,7 @@ SecureBootCallback ( return EFI_OUT_OF_RESOURCES; } - HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData); + GetBrowserDataResult = HiiGetBrowserData + (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, + (UINT8 *) IfrNvData); if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { if (QuestionId == KEY_SECURE_BOOT_MODE) { @@ -4889,7 +4891,7 @@ SecureBootCallback ( EXIT: - if (!EFI_ERROR (Status)) { + if (!EFI_ERROR (Status) && GetBrowserDataResult) { BufferSize = sizeof (SECUREBOOT_CONFIGURATION); HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL); } -- 2.5.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.