efi_init_secure_state() calls efi_transfer_secure_state() which may delete
variable "PK" which will result in calling efi_init_secure_state() again.

Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
---
v2:
        no change
---
 lib/efi_loader/efi_var_common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index 3d92afe2eb..654ce81f9d 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -314,11 +314,15 @@ err:
 
 efi_status_t efi_init_secure_state(void)
 {
+       static bool lock;
        enum efi_secure_mode mode = EFI_MODE_SETUP;
        u8 efi_vendor_keys = 0;
        efi_uintn_t size = 0;
        efi_status_t ret;
 
+       if (lock)
+               return EFI_SUCCESS;
+
        ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
                                   NULL, &size, NULL, NULL);
        if (ret == EFI_BUFFER_TOO_SMALL) {
@@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void)
                        mode = EFI_MODE_USER;
        }
 
+       lock = true;
        ret = efi_transfer_secure_state(mode);
+       lock = false;
        if (ret != EFI_SUCCESS)
                return ret;
 
-- 
2.30.2

Reply via email to