efi_loader: handle EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS We don't yet support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS for file based variables, but we should pass it to TEE based variable stores. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

commit: e0fa2cf39cedd9297c16bc4ea4ff5c512bb4e0ec [log] [tgz]
author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Wed Apr 03 17:33:35 2024 +0200
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Mon Apr 08 13:03:34 2024 +0200
tree: cfd0fe39618a3053d9d46173644d1d963acea0bc
parent: 3b51c3a0b03411b07f0acd8bf2361ba54043fdcf [diff]
diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index b2f8ebd..6fe3792 100644
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c

@@ -235,8 +235,12 @@
 	if (data_size && !data)
 		return EFI_INVALID_PARAMETER;
 
-	/* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated */
-	if (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+	/*
+	 * EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated.
+	 * We don't support EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS.
+	 */
+	if (attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
+			  EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS))
 		return EFI_UNSUPPORTED;
 
 	/* Make sure if runtime bit is set, boot service bit is set also */
commit	e0fa2cf39cedd9297c16bc4ea4ff5c512bb4e0ec	[log] [tgz]
author	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Wed Apr 03 17:33:35 2024 +0200
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Mon Apr 08 13:03:34 2024 +0200
tree	cfd0fe39618a3053d9d46173644d1d963acea0bc
parent	3b51c3a0b03411b07f0acd8bf2361ba54043fdcf [diff]