Message ID | 20200714100656.67451-1-xypron.glpk@gmx.de |
---|---|
State | Superseded |
Series | [1/1] efi_loader: update secure state |
On Tue, Jul 14, 2020 at 12:06:56PM +0200, Heinrich Schuchardt wrote: > Update the UEFI secure state when variable 'PK' is updated in the TEE > variables implementation. > > Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de> > --- > lib/efi_loader/efi_variable_tee.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c > index 24e0663ebd..1046e0d470 100644 > --- a/lib/efi_loader/efi_variable_tee.c > +++ b/lib/efi_loader/efi_variable_tee.c > @@ -557,6 +557,10 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, > var_property.maxsize = var_acc->data_size; > ret = set_property_int(variable_name, name_size, vendor, &var_property); > } > + > + if (alt_ret == EFI_SUCCESS ret == EFI_SUCCESS && > + !u16_strcmp(variable_name, L"PK")) > + ret = efi_init_secure_state(); There's an && missing here. In any case don't check for both alt_ret and ret, just goto out; if the above set_property_int() fails and you should be able to check for 'ret' only. > out: > free(comm_buf); > return alt_ret == EFI_SUCCESS ? ret : alt_ret; > @@ -716,5 +720,9 @@ efi_status_t efi_init_variables(void) > MM_VARIABLE_COMMUNICATE_SIZE + > max_payload_size; > > + ret = efi_init_secure_state(); > + if (ret != EFI_SUCCESS) > + return ret; > + > return EFI_SUCCESS; > } > -- > 2.27.0 > Thanks /Ilias
On Tue, 14 Jul 2020 at 14:14, <ilias.apalodimas at linaro.org> wrote: > > On Tue, Jul 14, 2020 at 12:06:56PM +0200, Heinrich Schuchardt wrote: > > Update the UEFI secure state when variable 'PK' is updated in the TEE > > variables implementation. > > > > Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de> > > --- > > lib/efi_loader/efi_variable_tee.c | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > > > diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c > > index 24e0663ebd..1046e0d470 100644 > > --- a/lib/efi_loader/efi_variable_tee.c > > +++ b/lib/efi_loader/efi_variable_tee.c > > @@ -557,6 +557,10 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, > > var_property.maxsize = var_acc->data_size; > > ret = set_property_int(variable_name, name_size, vendor, &var_property); > > } > > + > > + if (alt_ret == EFI_SUCCESS ret == EFI_SUCCESS && > > + !u16_strcmp(variable_name, L"PK")) > > + ret = efi_init_secure_state(); > > There's an && missing here. In any case don't check for both alt_ret and ret, > just goto out; if the above set_property_int() fails and you should be able to > check for 'ret' only. Actually if you add the goto out, no check at all is required, just your strcmp > > > out: > > free(comm_buf); > > return alt_ret == EFI_SUCCESS ? ret : alt_ret; > > @@ -716,5 +720,9 @@ efi_status_t efi_init_variables(void) > > MM_VARIABLE_COMMUNICATE_SIZE + > > max_payload_size; > > > > + ret = efi_init_secure_state(); > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > return EFI_SUCCESS; > > } > > -- > > 2.27.0 > > > > Thanks > /Ilias
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c index 24e0663ebd..1046e0d470 100644 --- a/lib/efi_loader/efi_variable_tee.c +++ b/lib/efi_loader/efi_variable_tee.c @@ -557,6 +557,10 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, var_property.maxsize = var_acc->data_size; ret = set_property_int(variable_name, name_size, vendor, &var_property); } + + if (alt_ret == EFI_SUCCESS ret == EFI_SUCCESS && + !u16_strcmp(variable_name, L"PK")) + ret = efi_init_secure_state(); out: free(comm_buf); return alt_ret == EFI_SUCCESS ? ret : alt_ret; @@ -716,5 +720,9 @@ efi_status_t efi_init_variables(void) MM_VARIABLE_COMMUNICATE_SIZE + max_payload_size; + ret = efi_init_secure_state(); + if (ret != EFI_SUCCESS) + return ret; + return EFI_SUCCESS; }
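Review bot: the condition added before the out: label in efi_set_variable_int() has no operator between `alt_ret == EFI_SUCCESS` and `ret == EFI_SUCCESS`, so the hunk does not compile as posted. Instead of adding the missing `&&`, consider jumping to out when set_property_int() fails, which leaves `!u16_strcmp(variable_name, L"PK")` as the only test needed. The test also matches on variable_name alone and ignores the vendor argument; comparing the vendor GUID as well would keep a variable named PK under a different GUID from triggering efi_init_secure_state().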
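Review bot: at the end of efi_init_variables() the added `ret = efi_init_secure_state();` and `if (ret != EFI_SUCCESS) return ret;` followed by the existing `return EFI_SUCCESS;` can be collapsed into `return efi_init_secure_state();`, which behaves the same and is shorter. A one-line comment saying that the secure state is derived here after the variable store has been set up would also help the next reader.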
Update the UEFI secure state when variable 'PK' is updated in the TEE variables implementation. Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de> --- lib/efi_loader/efi_variable_tee.c | 8 ++++++++ 1 file changed, 8 insertions(+) -- 2.27.0