]>
Commit | Line | Data |
---|---|---|
ce0f078f DDM |
1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | ||
776fabbc | 3 | #include "sbat.h" |
ce0f078f DDM |
4 | #include "secure-boot.h" |
5 | #include "util.h" | |
6 | ||
ce0f078f | 7 | BOOLEAN secure_boot_enabled(void) { |
2a7c1675 DDM |
8 | BOOLEAN secure; |
9 | EFI_STATUS err; | |
ce0f078f | 10 | |
2a7c1675 | 11 | err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure); |
ce0f078f | 12 | |
2a7c1675 | 13 | return !EFI_ERROR(err) && secure; |
ce0f078f | 14 | } |
9137c03c | 15 | |
c4964512 JJ |
16 | SecureBootMode secure_boot_mode(void) { |
17 | BOOLEAN secure, audit = FALSE, deployed = FALSE, setup = FALSE; | |
18 | EFI_STATUS err; | |
19 | ||
20 | err = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &secure); | |
21 | if (EFI_ERROR(err)) | |
22 | return SECURE_BOOT_UNSUPPORTED; | |
23 | ||
24 | /* We can assume FALSE for all these if they are abscent (AuditMode and | |
25 | * DeployedMode may not exist on older firmware). */ | |
26 | (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"AuditMode", &audit); | |
27 | (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"DeployedMode", &deployed); | |
28 | (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SetupMode", &setup); | |
29 | ||
30 | return decode_secure_boot_mode(secure, audit, deployed, setup); | |
31 | } | |
32 | ||
9137c03c | 33 | #ifdef SBAT_DISTRO |
776fabbc | 34 | static const char sbat[] _used_ _section_(".sbat") = SBAT_SECTION_TEXT; |
9137c03c | 35 | #endif |