Add an auth argument to store_keys()

If the user is manually installing keys from a filesystem then we don't need to ask for the key password.
2025-08-07 06:16:16 +00:00 · 2012-10-08 21:45:38 -04:00 · 2012-10-08 21:45:38 -04:00 · 27db5b66aa
commit 27db5b66aa
parent ae46cf9d05
1 changed files with 43 additions and 38 deletions
--- a/MokManager.c
+++ b/MokManager.c
@ -485,7 +485,7 @@ done:
 	return status;
 }

-static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)
+static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate)
 {
 	EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
 	EFI_STATUS efi_status;
@ -497,6 +497,7 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)
 	UINT32 pw_length;
 	UINT8 fail_count = 0;

+	if (authenticate) {
 		auth_size = SHA256_DIGEST_SIZE;
 		efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
 					       &shim_lock_guid,
@ -535,6 +536,7 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)

 		if (fail_count >= 3)
 			return EFI_ACCESS_DENIED;
+	}

 	/* Write new MOK */
 	efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokList",
@ -550,10 +552,9 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)
 	return EFI_SUCCESS;
 }

-static UINTN mok_enrollment_prompt (void *MokNew, void *data2) {
+static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth) {
 	CHAR16 line[1];
 	UINT32 length;
-	UINTN MokNewSize = (UINTN)data2;
 	EFI_STATUS efi_status;

 	do {
@ -566,7 +567,7 @@ static UINTN mok_enrollment_prompt (void *MokNew, void *data2) {
 		get_line (&length, line, 1, 1);

 		if (line[0] == 'Y' || line[0] == 'y') {
-			efi_status = store_keys(MokNew, MokNewSize);
+			efi_status = store_keys(MokNew, MokNewSize, auth);

 			if (efi_status != EFI_SUCCESS) {
 				Print(L"Failed to enroll keys\n");
@ -578,6 +579,10 @@ static UINTN mok_enrollment_prompt (void *MokNew, void *data2) {
 	return -1;
 }

+static UINTN mok_enrollment_prompt_callback (void *MokNew, void *data2) {
+	return mok_enrollment_prompt(MokNew, (UINTN)data2, TRUE);
+}
+
 static UINTN mok_deletion_prompt (void *MokNew, void *data2) {
 	CHAR16 line[1];
 	UINT32 length;
@ -588,7 +593,7 @@ static UINTN mok_deletion_prompt (void *MokNew, void *data2) {
 	get_line (&length, line, 1, 1);

 	if (line[0] == 'Y' || line[0] == 'y') {
-		efi_status = store_keys(MokNew, sizeof(UINT32));
+		efi_status = store_keys(MokNew, sizeof(UINT32), TRUE);

 		if (efi_status != EFI_SUCCESS) {
 			Print(L"Failed to erase keys\n");
@ -1036,7 +1041,7 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, void *MokNew)
 			menu_item[1].text = StrDuplicate(L"Enroll MOK\n");
 			menu_item[1].colour = EFI_WHITE;
 			menu_item[1].data = MokNew;
-			menu_item[1].callback = mok_enrollment_prompt;
+			menu_item[1].callback = mok_enrollment_prompt_callback;
 		}
 		menucount++;
 	}