#include "measure.h"
#include "pe.h"
#include "random-seed.h"
+#include "secure-boot.h"
#include "shim.h"
#include "util.h"
static VOID print_status(Config *config, CHAR16 *loaded_image_path) {
UINT64 key;
UINTN i;
- _cleanup_freepool_ CHAR8 *bootvar = NULL, *modevar = NULL, *indvar = NULL;
+ _cleanup_freepool_ CHAR8 *modevar = NULL, *indvar = NULL;
_cleanup_freepool_ CHAR16 *partstr = NULL, *defaultstr = NULL;
UINTN x, y, size;
if (uefi_call_wrapper(ST->ConOut->QueryMode, 4, ST->ConOut, ST->ConOut->Mode->Mode, &x, &y) == EFI_SUCCESS)
Print(L"console size: %d x %d\n", x, y);
- if (efivar_get_raw(&global_guid, L"SecureBoot", &bootvar, &size) == EFI_SUCCESS)
- Print(L"SecureBoot: %s\n", yes_no(*bootvar > 0));
+ Print(L"SecureBoot: %s\n", yes_no(secure_boot_enabled()));
if (efivar_get_raw(&global_guid, L"SetupMode", &modevar, &size) == EFI_SUCCESS)
Print(L"SetupMode: %s\n", *modevar > 0 ? L"setup" : L"user");
graphics.c
measure.c
pe.c
+ secure-boot.c
util.c
'''.split()
#include "missing_efi.h"
#include "random-seed.h"
+#include "secure-boot.h"
#include "sha256.h"
#include "util.h"
-#include "shim.h"
#define RANDOM_MAX_SIZE_MIN (32U)
#define RANDOM_MAX_SIZE_MAX (32U*1024U)
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "secure-boot.h"
+#include "util.h"
+
+static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
+
+BOOLEAN secure_boot_enabled(void) {
+ _cleanup_freepool_ CHAR8 *b = NULL;
+ UINTN size;
+
+ if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS)
+ return *b > 0;
+
+ return FALSE;
+}
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <efi.h>
+
+BOOLEAN secure_boot_enabled(void);
};
static const EFI_GUID simple_fs_guid = SIMPLE_FILE_SYSTEM_PROTOCOL;
-static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
static const EFI_GUID security_protocol_guid = { 0xa46423e3, 0x4617, 0x49f1, {0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } };
static const EFI_GUID security2_protocol_guid = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } };
return shim_lock->shim_verify(data, size) == EFI_SUCCESS;
}
-BOOLEAN secure_boot_enabled(void) {
- _cleanup_freepool_ CHAR8 *b = NULL;
- UINTN size;
-
- if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS)
- return *b > 0;
-
- return FALSE;
-}
-
/*
* See the UEFI Platform Initialization manual (Vol2: DXE) for this
*/
BOOLEAN shim_loaded(void);
-BOOLEAN secure_boot_enabled(void);
-
EFI_STATUS security_policy_install(void);
#include "linux.h"
#include "measure.h"
#include "pe.h"
+#include "secure-boot.h"
#include "splash.h"
#include "util.h"
/* magic string to find in the binary image */
static const char __attribute__((used)) magic[] = "#### LoaderInfo: systemd-stub " GIT_VERSION " ####";
-static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
-
EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
EFI_LOADED_IMAGE *loaded_image;
- _cleanup_freepool_ CHAR8 *b = NULL;
- UINTN size;
- BOOLEAN secure = FALSE;
CHAR8 *sections[] = {
(CHAR8 *)".cmdline",
(CHAR8 *)".linux",
return err;
}
- if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS)
- if (*b > 0)
- secure = TRUE;
-
err = pe_memory_locate_sections(loaded_image->ImageBase, sections, addrs, offs, szs);
if (EFI_ERROR(err)) {
Print(L"Unable to locate embedded .linux section: %r ", err);
cmdline_len = szs[0];
/* if we are not in secure boot mode, or none was provided, accept a custom command line and replace the built-in one */
- if ((!secure || cmdline_len == 0) && loaded_image->LoadOptionsSize > 0 && *(CHAR16 *)loaded_image->LoadOptions > 0x1F) {
+ if ((!secure_boot_enabled() || cmdline_len == 0) && loaded_image->LoadOptionsSize > 0 &&
+ *(CHAR16 *) loaded_image->LoadOptions > 0x1F) {
CHAR16 *options;
CHAR8 *line;
UINTN i;
projects / thirdparty / systemd.git / commitdiff
