[PATCH 0/2] efi_loader: fix secure boot variables

The size and type of some UEFI secure boot related variables are incorrect. This leads to incorrect UEFI variable values.
For an internal variable holding an enum, int is used as type instead of the enumeration.
Heinrich Schuchardt (2):
  efi_loader: type of efi_secure_mode
  efi_loader: size of secure boot variables

 lib/efi_loader/efi_variable.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--
2.27.0

Variable efi_secure_mode is meant to hold a value of enum efi_secure_mode. So it should not be defined as int but as enum efi_secure_mode.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index e097670e28..4d275b23ce 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -27,7 +27,7 @@ enum efi_secure_mode { };
static bool efi_secure_boot; -static int efi_secure_mode; +static enum efi_secure_mode efi_secure_mode; static u8 efi_vendor_keys;
#define READ_ONLY BIT(31) -- 2.27.0
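Review bot: The new declaration "static enum efi_secure_mode efi_secure_mode;" still has no initializer, so the starting mode is whichever enumerator has the value 0. The enum body is outside this hunk (only its closing brace is in the context), so please confirm that the zero enumerator is the intended initial state, or initialize the variable explicitly. The variable also shares its name with the enum tag, which is legal C but makes the code harder to read and grep; consider renaming one of the two.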

The variables SetupMode, AuditMode, DeployedMode are explicitly defined as UINT8 in the UEFI specification. The type of SecureBoot is UINT8 in EDK2.
Use variable name secure_boot instead of sec_boot for the value of the UEFI variable SecureBoot.
Avoid abbreviations in function descriptions.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_variable.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 4d275b23ce..6271dbcf41 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -185,17 +185,17 @@ static const char *parse_attr(const char *str, u32 *attrp, u64 *timep)
/** * efi_set_secure_state - modify secure boot state variables - * @sec_boot: value of SecureBoot + * @secure_boot: value of SecureBoot * @setup_mode: value of SetupMode * @audit_mode: value of AuditMode * @deployed_mode: value of DeployedMode * - * Modify secure boot stat-related variables as indicated. + * Modify secure boot status related variables as indicated. * * Return: status code */ -static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode, - int audit_mode, int deployed_mode) +static efi_status_t efi_set_secure_state(u8 secure_boot, u8 setup_mode, + u8 audit_mode, u8 deployed_mode) { u32 attributes; efi_status_t ret; @@ -204,8 +204,8 @@ static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode, EFI_VARIABLE_RUNTIME_ACCESS | READ_ONLY; ret = efi_set_variable_common(L"SecureBoot", &efi_global_variable_guid, - attributes, sizeof(sec_boot), &sec_boot, - false); + attributes, sizeof(secure_boot), + &secure_boot, false); if (ret != EFI_SUCCESS) goto err;
-- 2.27.0
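Review bot: In the first hunk, narrowing the four parameters of efi_set_secure_state() from int to u8 changes what every caller passes, yet no call site appears in this patch. Please confirm that all callers pass only values that fit in a u8 (0 or 1 for these variables), so that nothing is silently truncated by the implicit conversion. As a minor style point in the same comment block, "status related" would read better hyphenated.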
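Review bot: The second hunk touches only the SecureBoot call to efi_set_variable_common(), while the commit message is equally about SetupMode, AuditMode and DeployedMode. The calls for those three lie outside the visible context, so please confirm that they also take their size from the parameter (sizeof(setup_mode) and so on) and therefore now write a single byte. The commit message would also be clearer if it stated the concrete defect: with int parameters, sizeof(sec_boot) made the stored variable sizeof(int) bytes long instead of the one byte a UINT8 consumer expects.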