[thirdparty/systemd.git] / src / boot / efi / secure-boot.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include "sbat.h"
#include "secure-boot.h"
#include "util.h"

BOOLEAN secure_boot_enabled(void) {
        BOOLEAN secure;
        EFI_STATUS err;

        err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure);

        return !EFI_ERROR(err) && secure;
}

SecureBootMode secure_boot_mode(void) {
        BOOLEAN secure, audit = FALSE, deployed = FALSE, setup = FALSE;
        EFI_STATUS err;

        err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure);
        if (EFI_ERROR(err))
                return SECURE_BOOT_UNSUPPORTED;

        /* We can assume FALSE for all these if they are abscent (AuditMode and
         * DeployedMode may not exist on older firmware). */
        (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"AuditMode", &audit);
        (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"DeployedMode", &deployed);
        (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SetupMode", &setup);

        return decode_secure_boot_mode(secure, audit, deployed, setup);
}

#ifdef SBAT_DISTRO
static const char sbat[] _used_ _section_(".sbat") = SBAT_SECTION_TEXT;
#endif
Commit	Line	Data
ce0f078f DDM	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
ce0f078f DDM	2
776fabbc	3	#include "sbat.h"
ce0f078f DDM	4	#include "secure-boot.h"
	5	#include "util.h"
	6
ce0f078f	7	BOOLEAN secure_boot_enabled(void) {
2a7c1675 DDM	8	BOOLEAN secure;
2a7c1675 DDM	9	EFI_STATUS err;
ce0f078f	10
2a7c1675	11	err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure);
ce0f078f	12
2a7c1675	13	return !EFI_ERROR(err) && secure;
ce0f078f	14	}
9137c03c	15
c4964512 JJ	16	SecureBootMode secure_boot_mode(void) {
	17	BOOLEAN secure, audit = FALSE, deployed = FALSE, setup = FALSE;
	18	EFI_STATUS err;
	19
	20	err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure);
	21	if (EFI_ERROR(err))
	22	return SECURE_BOOT_UNSUPPORTED;
	23
	24	/* We can assume FALSE for all these if they are abscent (AuditMode and
	25	* DeployedMode may not exist on older firmware). */
	26	(void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"AuditMode", &audit);
	27	(void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"DeployedMode", &deployed);
	28	(void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SetupMode", &setup);
	29
	30	return decode_secure_boot_mode(secure, audit, deployed, setup);
	31	}
	32
9137c03c	33	#ifdef SBAT_DISTRO
776fabbc	34	static const char sbat[] _used_ _section_(".sbat") = SBAT_SECTION_TEXT;
9137c03c	35	#endif