proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-07-26 06:11:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check the secure variables with the lib functions

Browse Source 
There are functions defined in lib to check the secure variables.
Use the functions to shun the duplicate code.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

Conflicts:
	shim.c
This commit is contained in:
Gary Ching-Pang Lin 2013-10-31 16:08:32 +08:00 committed by Peter Jones
parent 86173dba42
commit 868b372115
2 changed files with 12 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/variables.c
View File

@ -284,9 +284,12 @@ variable_is_setupmode(void)
/* set to 1 because we return true if SetupMode doesn't exist */ /* set to 1 because we return true if SetupMode doesn't exist */
UINT8 SetupMode = 1; UINT8 SetupMode = 1;
UINTN DataSize = sizeof(SetupMode); UINTN DataSize = sizeof(SetupMode);
EFI_STATUS status;
uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL, status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
&DataSize, &SetupMode); &DataSize, &SetupMode);
if (EFI_ERROR(status))
return 1;
return SetupMode; return SetupMode;
} }
@ -297,10 +300,13 @@ variable_is_secureboot(void)
/* return false if variable doesn't exist */ /* return false if variable doesn't exist */
UINT8 SecureBoot = 0; UINT8 SecureBoot = 0;
UINTN DataSize; UINTN DataSize;
EFI_STATUS status;
DataSize = sizeof(SecureBoot); DataSize = sizeof(SecureBoot);
uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL, status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL,
&DataSize, &SecureBoot); &DataSize, &SecureBoot);
if (EFI_ERROR(status))
return 0;
return SecureBoot; return SecureBoot;
} }

32
shim.c
View File

@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
static BOOLEAN secure_mode (void) static BOOLEAN secure_mode (void)
{ {
EFI_STATUS status;
EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
UINTN len;
UINT8 *Data;
UINT8 sb, setupmode;
if (user_insecure_mode) if (user_insecure_mode)
return FALSE; return FALSE;
status = get_variable(L"SecureBoot", &Data, &len, global_var); if (variable_is_secureboot() != 1) {
if (status != EFI_SUCCESS) {
if (verbose && !in_protocol)
console_notify(L"Secure boot not enabled");
return FALSE;
}
sb = *Data;
FreePool(Data);
if (sb != 1) {
if (verbose && !in_protocol) if (verbose && !in_protocol)
console_notify(L"Secure boot not enabled"); console_notify(L"Secure boot not enabled");
return FALSE; return FALSE;
} }
/* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", if (variable_is_setupmode() == 1) {
* then the implementation is bad, but we assume that secure boot is
* enabled according to the status of "SecureBoot". If we have both
* of them, then "SetupMode" may tell us additional data, and we need
* to consider it.
*/
status = get_variable(L"SetupMode", &Data, &len, global_var);
if (status != EFI_SUCCESS)
return TRUE;
setupmode = *Data;
FreePool(Data);
if (setupmode == 1) {
if (verbose && !in_protocol) if (verbose && !in_protocol)
console_notify(L"Platform is in setup mode"); console_notify(L"Platform is in setup mode");
return FALSE; return FALSE;