Heinrich,

On Thu, Aug 26, 2021 at 03:48:00PM +0200, Heinrich Schuchardt wrote:
> efi_init_secure_state() calls efi_transfer_secure_state() which may delete
> variable "PK" which will result in calling efi_init_secure_state() again.

I don't think it is a right thing to do. So I would say nak to this version.
When I first implemented those functions, I intended to call
efi_init_secure_state() only at the system initialization.
Later on, all the transitions should be managed by efi_transfer_secure_state()
as well as its callers.

Calling efi_init_secure_state() in efi_set_variable_int() is a bad idea.
(then you see 'recursion'.)
I will explain more in your patch#5.

-Takahiro Akashi


> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> ---
> v2:
>       no change
> ---
>  lib/efi_loader/efi_var_common.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
> index 3d92afe2eb..654ce81f9d 100644
> --- a/lib/efi_loader/efi_var_common.c
> +++ b/lib/efi_loader/efi_var_common.c
> @@ -314,11 +314,15 @@ err:
>  
>  efi_status_t efi_init_secure_state(void)
>  {
> +     static bool lock;
>       enum efi_secure_mode mode = EFI_MODE_SETUP;
>       u8 efi_vendor_keys = 0;
>       efi_uintn_t size = 0;
>       efi_status_t ret;
>  
> +     if (lock)
> +             return EFI_SUCCESS;
> +
>       ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
>                                  NULL, &size, NULL, NULL);
>       if (ret == EFI_BUFFER_TOO_SMALL) {
> @@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void)
>                       mode = EFI_MODE_USER;
>       }
>  
> +     lock = true;
>       ret = efi_transfer_secure_state(mode);
> +     lock = false;
>       if (ret != EFI_SUCCESS)
>               return ret;
>  
> -- 
> 2.30.2
> 

Reply via email to