From 38fe58d33aa9abfa1f5c086e5396ef31ee95ecb9 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 25 Jun 2014 09:57:10 -0400 Subject: [PATCH] MokManager: delete the BS+NV variables the right way LibDeleteVariable assumes that the variable is RT+NV and it won't work on a BS+NV variable. Signed-off-by: Gary Ching-Pang Lin --- MokManager.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/MokManager.c b/MokManager.c index c9fbbac..0ab308f 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1112,7 +1112,16 @@ static INTN mok_sb_prompt (void *MokSB, UINTN MokSBSize) { return -1; } } else { - LibDeleteVariable(L"MokSBState", &shim_lock_guid); + efi_status = uefi_call_wrapper(RT->SetVariable, + 5, L"MokSBState", + &shim_lock_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, NULL); + if (efi_status != EFI_SUCCESS) { + console_notify(L"Failed to delete Secure Boot state"); + return -1; + } } console_notify(L"The system must now be rebooted"); @@ -1224,7 +1233,16 @@ static INTN mok_db_prompt (void *MokDB, UINTN MokDBSize) { return -1; } } else { - LibDeleteVariable(L"MokDBState", &shim_lock_guid); + efi_status = uefi_call_wrapper(RT->SetVariable, 5, + L"MokDBState", + &shim_lock_guid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, NULL); + if (efi_status != EFI_SUCCESS) { + console_notify(L"Failed to delete DB state"); + return -1; + } } console_notify(L"The system must now be rebooted"); @@ -1261,7 +1279,11 @@ static INTN mok_pw_prompt (void *MokPW, UINTN MokPWSize) { if (console_yes_no((CHAR16 *[]){L"Clear MOK password?", NULL}) == 0) return 0; - LibDeleteVariable(L"MokPWStore", &shim_lock_guid); + uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore", + &shim_lock_guid, + EFI_VARIABLE_NON_VOLATILE + | EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, NULL); LibDeleteVariable(L"MokPW", &shim_lock_guid); console_notify(L"The system must now be rebooted"); uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0,