proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-05-31 02:44:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Retrieve attributes of variables

Browse Source 
We have to make sure the machine owner key is stored in a BS
variable.
This commit is contained in:
Gary Ching-Pang Lin 2012-09-11 16:31:05 +08:00
parent 000c565c06
commit 31d3bd054a
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
shim.c
View File

@ -60,15 +60,14 @@ typedef enum {
VAR_NOT_FOUND VAR_NOT_FOUND
} CHECK_STATUS; } CHECK_STATUS;
static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid, static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid, UINT32 *attributes,
UINTN *size, void **buffer) UINTN *size, void **buffer)
{ {
EFI_STATUS efi_status; EFI_STATUS efi_status;
UINT32 attributes;
char allocate = !(*size); char allocate = !(*size);
efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid, efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
&attributes, size, buffer); attributes, size, buffer);
if (efi_status != EFI_BUFFER_TOO_SMALL || !allocate) { if (efi_status != EFI_BUFFER_TOO_SMALL || !allocate) {
return efi_status; return efi_status;
@ -83,7 +82,7 @@ static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid,
} }
efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid, efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
&attributes, size, *buffer); attributes, size, *buffer);
return efi_status; return efi_status;
} }
@ -211,11 +210,12 @@ static CHECK_STATUS check_db_cert(CHAR16 *dbname, WIN_CERTIFICATE_EFI_PKCS *data
EFI_SIGNATURE_DATA *Cert; EFI_SIGNATURE_DATA *Cert;
UINTN dbsize = 0; UINTN dbsize = 0;
UINTN CertCount, Index; UINTN CertCount, Index;
UINT32 attributes;
BOOLEAN IsFound = FALSE; BOOLEAN IsFound = FALSE;
void *db; void *db;
EFI_GUID CertType = EfiCertX509Guid; EFI_GUID CertType = EfiCertX509Guid;
efi_status = get_variable(dbname, secure_var, &dbsize, &db); efi_status = get_variable(dbname, secure_var, &attributes, &dbsize, &db);
if (efi_status != EFI_SUCCESS) if (efi_status != EFI_SUCCESS)
return VAR_NOT_FOUND; return VAR_NOT_FOUND;
@ -259,12 +259,13 @@ static CHECK_STATUS check_db_hash(CHAR16 *dbname, UINT8 *data)
EFI_SIGNATURE_DATA *Cert; EFI_SIGNATURE_DATA *Cert;
UINTN dbsize = 0; UINTN dbsize = 0;
UINTN CertCount, Index; UINTN CertCount, Index;
UINT32 attributes;
BOOLEAN IsFound = FALSE; BOOLEAN IsFound = FALSE;
void *db; void *db;
unsigned int SignatureSize = SHA256_DIGEST_SIZE; unsigned int SignatureSize = SHA256_DIGEST_SIZE;
EFI_GUID CertType = EfiHashSha256Guid; EFI_GUID CertType = EfiHashSha256Guid;
efi_status = get_variable(dbname, secure_var, &dbsize, &db); efi_status = get_variable(dbname, secure_var, &attributes, &dbsize, &db);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
return VAR_NOT_FOUND; return VAR_NOT_FOUND;
@ -334,8 +335,10 @@ static BOOLEAN secure_mode (void)
EFI_GUID global_var = EFI_GLOBAL_VARIABLE; EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
UINTN charsize = sizeof(char); UINTN charsize = sizeof(char);
UINT8 sb, setupmode; UINT8 sb, setupmode;
UINT32 attributes;
status = get_variable(L"SecureBoot", global_var, &charsize, (void *)&sb); status = get_variable(L"SecureBoot", global_var, &attributes, &charsize,
(void *)&sb);
/* FIXME - more paranoia here? */ /* FIXME - more paranoia here? */
if (status != EFI_SUCCESS || sb != 1) { if (status != EFI_SUCCESS || sb != 1) {
@ -343,7 +346,8 @@ static BOOLEAN secure_mode (void)
return FALSE; return FALSE;
} }
status = get_variable(L"SetupMode", global_var, &charsize, (void *)&setupmode); status = get_variable(L"SetupMode", global_var, &attributes, &charsize,
(void *)&setupmode);
if (status == EFI_SUCCESS && setupmode == 1) { if (status == EFI_SUCCESS && setupmode == 1) {
Print(L"Platform is in setup mode\n"); Print(L"Platform is in setup mode\n");