Merge variable retrieving functions

2025-06-07 14:19:01 +00:00 · 2013-07-04 18:25:24 +08:00 · 2013-07-04 18:25:24 +08:00 · 7d602e843c
commit 7d602e843c
parent 79424b09ca
5 changed files with 31 additions and 86 deletions
--- a/MokManager.c
+++ b/MokManager.c
@ -9,6 +9,7 @@
 #include "guid.h"
 #include "console.h"
 #include "variables.h"
 #include "simple_file.h"
 #include "efiauthenticated.h"
@ -50,32 +51,6 @@ typedef struct {
 	CHAR16 Password[SB_PASSWORD_LEN];
 } __attribute__ ((packed)) MokSBvar;
 static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid, UINT32 *attributes,
 				UINTN *size, void **buffer)
 {
 	EFI_STATUS efi_status;
 	char allocate = !(*size);
 	efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
 				       attributes, size, buffer);
 	if (efi_status != EFI_BUFFER_TOO_SMALL || !allocate) {
 		return efi_status;
 	}
 	*buffer = AllocatePool(*size);
 	if (!*buffer) {
 		console_notify(L"Unable to allocate variable buffer");
 		return EFI_OUT_OF_RESOURCES;
 	}
 	efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
 				       attributes, size, *buffer);
 	return efi_status;
 }
 static EFI_STATUS get_sha1sum (void *Data, int DataSize, UINT8 *hash)
 {
 	EFI_STATUS status;
@ -904,7 +879,7 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize)
 	UINT8 auth[PASSWORD_CRYPT_SIZE];
 	UINTN auth_size = PASSWORD_CRYPT_SIZE;
 	UINT32 attributes;
-	void *MokListData = NULL;
+	UINT8 *MokListData = NULL;
 	UINTN MokListDataSize = 0;
 	MokListNode *mok, *del_key;
 	INTN mok_num, del_num;
@ -929,9 +904,8 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize)
 	if (efi_status != EFI_SUCCESS)
 		return EFI_ACCESS_DENIED;
-	efi_status = get_variable(L"MokList", shim_lock_guid, &attributes,
+	efi_status = get_variable_attr (L"MokList", &MokListData, &MokListDataSize,
-				  &MokListDataSize, &MokListData);
+				        shim_lock_guid, &attributes);
 	if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
 		console_alertbox((CHAR16 *[]){L"MokList is compromised!",
 					L"Erase all keys in MokList!",
--- a/include/variables.h
+++ b/include/variables.h
@ -1,6 +1,6 @@
 #include <efiauthenticated.h>
-#include <sha256.h>		/* for SHA256_DIGEST_SIZE */
+#include <PeImage.h>		/* for SHA256_DIGEST_SIZE */
 #define certlist_for_each_certentry(cl, cl_init, s, s_init)		\
 	for (cl = (EFI_SIGNATURE_LIST *)(cl_init), s = (s_init);	\
--- a/lib/Makefile
+++ b/lib/Makefile
@ -1,6 +1,6 @@
 TARGET = lib.a
-LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o
+LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o
 ARCH            = $(shell uname -m | sed s,i[3456789]86,ia32,)
--- a/lib/variables.c
+++ b/lib/variables.c
@ -27,7 +27,6 @@
 #include <variables.h>
 #include <guid.h>
 #include <console.h>
 #include <sha256.h>
 #include <errors.h>
 EFI_STATUS
--- a/shim.c
+++ b/shim.c
@ -43,6 +43,7 @@
 #include "ucs2.h"
 #include "guid.h"
 #include "variables.h"
 #include "efiauthenticated.h"
 #define FALLBACK L"\\fallback.efi"
@ -81,32 +82,6 @@ typedef struct {
 	UINT8 *Mok;
 } MokListNode;
 static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid, UINT32 *attributes,
 				UINTN *size, void **buffer)
 {
 	EFI_STATUS efi_status;
 	char allocate = !(*size);
 	efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
 				       attributes, size, buffer);
 	if (efi_status != EFI_BUFFER_TOO_SMALL || !allocate) {
 		return efi_status;
 	}
 	*buffer = AllocatePool(*size);
 	if (!*buffer) {
 		Print(L"Unable to allocate variable buffer\n");
 		return EFI_OUT_OF_RESOURCES;
 	}
 	efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
 				       attributes, size, *buffer);
 	return efi_status;
 }
 /*
 * Perform basic bounds checking of the intra-image pointers
 */
@ -270,15 +245,14 @@ static CHECK_STATUS check_db_cert(CHAR16 *dbname, EFI_GUID guid,
 	EFI_STATUS efi_status;
 	EFI_SIGNATURE_LIST *CertList;
 	UINTN dbsize = 0;
-	UINT32 attributes;
+	UINT8 *db;
 	void *db;
-	efi_status = get_variable(dbname, guid, &attributes, &dbsize, &db);
+	efi_status = get_variable(dbname, &db, &dbsize, guid);
 	if (efi_status != EFI_SUCCESS)
 		return VAR_NOT_FOUND;
-	CertList = db;
+	CertList = (EFI_SIGNATURE_LIST *)db;
 	rc = check_db_cert_in_ram(CertList, dbsize, data, hash);
@ -336,17 +310,16 @@ static CHECK_STATUS check_db_hash(CHAR16 *dbname, EFI_GUID guid, UINT8 *data,
 {
 	EFI_STATUS efi_status;
 	EFI_SIGNATURE_LIST *CertList;
 	UINT32 attributes;
 	UINTN dbsize = 0;
-	void *db;
+	UINT8 *db;
-	efi_status = get_variable(dbname, guid, &attributes, &dbsize, &db);
+	efi_status = get_variable(dbname, &db, &dbsize, guid);
 	if (efi_status != EFI_SUCCESS) {
 		return VAR_NOT_FOUND;
 	}
-	CertList = db;
+	CertList = (EFI_SIGNATURE_LIST *)db;
 	CHECK_STATUS rc = check_db_hash_in_ram(CertList, dbsize, data,
 						SignatureSize, CertType);
@ -423,15 +396,16 @@ static BOOLEAN secure_mode (void)
 {
 	EFI_STATUS status;
 	EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
-	UINTN charsize = sizeof(char);
+	UINTN len;
 	UINT8 *Data;
 	UINT8 sb, setupmode;
 	UINT32 attributes;
 	if (insecure_mode)
 		return FALSE;
-	status = get_variable(L"SecureBoot", global_var, &attributes, &charsize,
+	status = get_variable(L"SecureBoot", &Data, &len, global_var);
-			      (void *)&sb);
+	sb = *Data;
 	FreePool(Data);
 	/* FIXME - more paranoia here? */
 	if (status != EFI_SUCCESS || sb != 1) {
@ -440,8 +414,9 @@ static BOOLEAN secure_mode (void)
 		return FALSE;
 	}
-	status = get_variable(L"SetupMode", global_var, &attributes, &charsize,
+	status = get_variable(L"SetupMode", &Data, &len, global_var);
-			      (void *)&setupmode);
+	setupmode = *Data;
 	FreePool(Data);
 	if (status == EFI_SUCCESS && setupmode == 1) {
 		if (verbose)
@ -629,12 +604,12 @@ done:
 static EFI_STATUS verify_mok (void) {
 	EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
 	EFI_STATUS status = EFI_SUCCESS;
-	void *MokListData = NULL;
+	UINT8 *MokListData = NULL;
 	UINTN MokListDataSize = 0;
 	UINT32 attributes;
-	status = get_variable(L"MokList", shim_lock_guid, &attributes,
+	status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize,
-			      &MokListDataSize, &MokListData);
+				   shim_lock_guid, &attributes);
 	if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
 		Print(L"MokList is compromised!\nErase all keys in MokList!\n");
@ -1325,12 +1300,10 @@ EFI_STATUS mirror_mok_list()
 {
 	EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
 	EFI_STATUS efi_status;
-	UINT32 attributes;
+	UINT8 *Data = NULL;
 	void *Data = NULL;
 	UINTN DataSize = 0;
-	efi_status = get_variable(L"MokList", shim_lock_guid, &attributes,
+	efi_status = get_variable(L"MokList", &Data, &DataSize, shim_lock_guid);
 				  &DataSize, &Data);
 	if (efi_status != EFI_SUCCESS) {
 		goto done;
@ -1400,12 +1373,12 @@ static EFI_STATUS check_mok_sb (void)
 {
 	EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
 	EFI_STATUS status = EFI_SUCCESS;
-	void *MokSBState = NULL;
+	UINT8 *MokSBState = NULL;
 	UINTN MokSBStateSize = 0;
 	UINT32 attributes;
-	status = get_variable(L"MokSBState", shim_lock_guid, &attributes,
+	status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize,
-			      &MokSBStateSize, &MokSBState);
+				   shim_lock_guid, &attributes);
 	if (status != EFI_SUCCESS)
 		return EFI_ACCESS_DENIED;
@ -1517,7 +1490,6 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	EFI_STATUS efi_status;
 	UINT8 verbose_check;
 	UINTN verbose_check_size;
 	UINT32 attributes;
 	EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
 	/*
@ -1536,8 +1508,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	InitializeLib(image_handle, systab);
 	verbose_check_size = 1;
-	efi_status = get_variable(L"SHIM_VERBOSE", global_var, &attributes,
+	efi_status = get_variable(L"SHIM_VERBOSE", (void *)&verbose_check,
-				  &verbose_check_size, (void *)&verbose_check);
+				  &verbose_check_size, global_var);
 	if (!EFI_ERROR(efi_status))
 		verbose = verbose_check;