/** Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. @param[in] VariableName Name of the variable. @param[in] VendorGuid Variable vendor GUID. @param[in] Data Data pointer. @param[in] DataSize Size of Data. @param[in] Attributes Attribute value of the variable. @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as defined by the Attributes. @retval EFI_INVALID_PARAMETER Invalid parameter. @retval EFI_WRITE_PROTECTED Variable is write-protected. @retval EFI_OUT_OF_RESOURCES There is not enough resource. @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware. @retval EFI_UNSUPPORTED Unsupported to process authenticated variable. **/ EFI_STATUS EFIAPI AuthVariableLibProcessVariable ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN UINT32 Attributes ) { EFI_STATUS Status; if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE); } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) )) { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); if (EFI_ERROR (Status)) { Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes); } } else { Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes); } return Status; }
/** Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. @param[in] VariableName Name of the variable. @param[in] VendorGuid Variable vendor GUID. @param[in] Data Data pointer. @param[in] DataSize Size of Data. @param[in] Attributes Attribute value of the variable. @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as defined by the Attributes. @retval EFI_INVALID_PARAMETER Invalid parameter. @retval EFI_WRITE_PROTECTED Variable is write-protected. @retval EFI_OUT_OF_RESOURCES There is not enough resource. @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware. @retval EFI_UNSUPPORTED Unsupported to process authenticated variable. **/ EFI_STATUS EFIAPI AuthVariableLibProcessVariable ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN UINT32 Attributes ) { EFI_STATUS Status; // // Process PK, KEK, Sigdb, AuditMode, DeployedMode separately. // if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE); } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_AUDIT_MODE_NAME) == 0 || StrCmp (VariableName, EFI_DEPLOYED_MODE_NAME) == 0)) { Status = ProcessSecureBootModeVar(VariableName, VendorGuid, Data, DataSize, Attributes); } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) )) { Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); if (EFI_ERROR (Status)) { Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes); } } else { Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes); } return Status; }