
On Wed, 3 Apr 2024 at 18:34, Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:
We don't yet support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS for file based variables, but we should pass it to TEE based variable stores.
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
 include/efi.h                 | 3 ++-
 lib/efi_loader/efi_variable.c | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/efi.h b/include/efi.h index 62cfb993d2e..c3c4b93f860 100644 --- a/include/efi.h +++ b/include/efi.h @@ -507,7 +507,8 @@ extern char _binary_u_boot_bin_start[], _binary_u_boot_bin_end[]; EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
EFI_VARIABLE_APPEND_WRITE)
EFI_VARIABLE_APPEND_WRITE | \
EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)
/**
- efi_get_priv() - Get access to the EFI-private information
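Review bot: adding EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS to this mask in include/efi.h means any check built on the mask no longer filters the bit, and the only rejection visible in this patch is the one in efi_set_variable_int() in lib/efi_loader/efi_variable.c. Please add a short comment at the mask saying that the bit is allowed so it can be passed to TEE based variable stores, and that a store which cannot honour it has to reject it itself. Otherwise a later backend could accept the attribute silently and store the variable without the authentication the caller asked for.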
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 48ad813d79b..e09a5e7ccb2 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -235,8 +235,12 @@ efi_status_t efi_set_variable_int(const u16 *variable_name, if (data_size && !data) return EFI_INVALID_PARAMETER;
/* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated */
if (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
/*
* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated.
* We don't support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS.
*/
if (attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)) return EFI_UNSUPPORTED; /* Make sure if runtime bit is set, boot service bit is set also */
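Review bot: in the new condition in efi_set_variable_int(), the trailing backslash after `EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |` is a line continuation that is only needed inside a macro definition; inside a function body it can be dropped. The new comment also reads as a blanket "We don't support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS", while the commit message limits this to file based variables. Wording the comment the same way would explain why the mask in include/efi.h still allows the bit while this function returns EFI_UNSUPPORTED for it.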
-- 2.43.0
Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org