proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-14 10:15:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

shim: mirror MokSBState in runtime so the kernel can make use of it.

Browse Source 
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
This commit is contained in:
Mathieu Trudel-Lapierre 2016-01-11 15:40:54 -05:00 committed by Peter Jones
parent 99257c6c30
commit 8f1bd605d0
1 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
shim.c
View File

@ -1828,6 +1828,33 @@ EFI_STATUS mirror_mok_list_x()
return efi_status; return efi_status;
} }
/*
* Copy the boot-services only MokSBState variable to the runtime-accessible
* MokSBStateRT variable. It's not marked NV, so the OS can't modify it.
*/
EFI_STATUS mirror_mok_sb_state()
{
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status;
UINT8 *Data = NULL;
UINTN DataSize = 0;
efi_status = get_variable(L"MokSBState", &Data, &DataSize, shim_lock_guid);
if (efi_status != EFI_SUCCESS)
return efi_status;
efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokSBStateRT",
&shim_lock_guid,
EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS,
DataSize, Data);
if (efi_status != EFI_SUCCESS) {
console_error(L"Failed to set MokSBStateRT", efi_status);
}
return efi_status;
}
/* /*
* Check if a variable exists * Check if a variable exists
*/ */
@ -2489,6 +2516,12 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
efi_status = mirror_mok_list_x(); efi_status = mirror_mok_list_x();
/*
* Copy the MOK SB State to a runtime variable so the kernel can
* make use of it
*/
efi_status = mirror_mok_sb_state();
/* /*
* Create the runtime MokIgnoreDB variable so the kernel can * Create the runtime MokIgnoreDB variable so the kernel can
* make use of it * make use of it