In case PcdBootRestrictToFirmware is set disable
loading EFI variables from NvVars file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf | 1 +
 OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c   | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf
index f152c5504661..9ae40ffe4373 100644
--- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf
+++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf
@@ -49,6 +49,7 @@ [Protocols]
 
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
+  gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
 
 [Guids]
   gEfiFileInfoGuid
diff --git a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
index d4139b911528..8fc54e58a789 100644
--- a/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
+++ b/OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
@@ -30,7 +30,8 @@ ConnectNvVarsToFileSystem (
 {
   EFI_STATUS  Status;
 
-  if (FeaturePcdGet (PcdSecureBootSupported)) {
+  if (FeaturePcdGet (PcdSecureBootSupported) ||
+      FeaturePcdGet (PcdBootRestrictToFirmware)) {
     return EFI_UNSUPPORTED;
   }
 
-- 
2.40.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#104098): https://edk2.groups.io/g/devel/message/104098
Mute This Topic: https://groups.io/mt/98699874/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-