Heinrich, On Thu, Aug 26, 2021 at 03:48:00PM +0200, Heinrich Schuchardt wrote: > efi_init_secure_state() calls efi_transfer_secure_state() which may delete > variable "PK" which will result in calling efi_init_secure_state() again.
I don't think it is a right thing to do. So I would say nak to this version. When I first implemented those functions, I intended to call efi_init_secure_state() only at the system initialization. Later on, all the transitions should be managed by efi_transfer_secure_state() as well as its callers. Calling efi_init_secure_state() in efi_set_variable_int() is a bad idea. (then you see 'recursion'.) I will explain more in your patch#5. -Takahiro Akashi > Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com> > --- > v2: > no change > --- > lib/efi_loader/efi_var_common.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c > index 3d92afe2eb..654ce81f9d 100644 > --- a/lib/efi_loader/efi_var_common.c > +++ b/lib/efi_loader/efi_var_common.c > @@ -314,11 +314,15 @@ err: > > efi_status_t efi_init_secure_state(void) > { > + static bool lock; > enum efi_secure_mode mode = EFI_MODE_SETUP; > u8 efi_vendor_keys = 0; > efi_uintn_t size = 0; > efi_status_t ret; > > + if (lock) > + return EFI_SUCCESS; > + > ret = efi_get_variable_int(L"PK", &efi_global_variable_guid, > NULL, &size, NULL, NULL); > if (ret == EFI_BUFFER_TOO_SMALL) { > @@ -326,7 +330,9 @@ efi_status_t efi_init_secure_state(void) > mode = EFI_MODE_USER; > } > > + lock = true; > ret = efi_transfer_secure_state(mode); > + lock = false; > if (ret != EFI_SUCCESS) > return ret; > > -- > 2.30.2 >