Virtualization
/
edk2
mirror of https://gitlab.com/qemu-project/edk2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

OvmfPkg/NvVarsFileLib: disable in case PcdBootRestrictToFirmware is set 

In case PcdBootRestrictToFirmware is set, disable loading EFI variables
from NvVars file.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
Gerd Hoffmann 2023-05-05 07:17:25 +02:00 committed by mergify[bot]
parent 41d7832db0
commit 63887e272d
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.c
View File

@ -30,7 +30,9 @@ ConnectNvVarsToFileSystem (
{ {
EFI_STATUS Status; EFI_STATUS Status;
if (FeaturePcdGet (PcdSecureBootSupported)) { if (FeaturePcdGet (PcdSecureBootSupported) ||
FeaturePcdGet (PcdBootRestrictToFirmware))
{
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }

1
OvmfPkg/Library/NvVarsFileLib/NvVarsFileLib.inf
View File

@ -49,6 +49,7 @@
[Pcd] [Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported
gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
[Guids] [Guids]
gEfiFileInfoGuid gEfiFileInfoGuid