
0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * Secure boot handling.
0004  *
0005  * Copyright (C) 2013,2014 Linaro Limited
0006  *     Roy Franz <roy.franz@linaro.org>
0007  * Copyright (C) 2013 Red Hat, Inc.
0008  *     Mark Salter <msalter@redhat.com>
0009  */
0010 #include <linux/efi.h>
0011 #include <asm/efi.h>
0012 
0013 #include "efistub.h"
0014 
/*
 * SHIM variables: the shim vendor GUID (EFI_SHIM_LOCK_GUID) and the name of
 * the variable that efi_get_secureboot() reads under it to find out whether a
 * user has switched shim into insecure mode.
 */
static const efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
static const efi_char16_t shim_MokSBState_name[] = L"MokSBStateRT";
0018 
/*
 * Thin forwarding adapter around get_efi_var(); it is handed to
 * efi_get_secureboot_mode() below as the variable-lookup callback.
 * All arguments are passed straight through and the status is returned
 * unchanged.
 */
static efi_status_t get_var(efi_char16_t *name, efi_guid_t *vendor, u32 *attr,
                unsigned long *data_size, void *data)
{
    efi_status_t status;

    status = get_efi_var(name, vendor, attr, data_size, data);

    return status;
}
0024 
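/*
 * efi_get_secureboot() - determine whether UEFI Secure Boot is in effect.
 *
 * The platform Secure Boot state is obtained from efi_get_secureboot_mode(),
 * using get_var() as the lookup callback.  Only when the platform reports
 * Secure Boot as enabled is shim's MokSBStateRT variable consulted: a
 * one-byte value of 1 that does NOT carry EFI_VARIABLE_NON_VOLATILE is taken
 * to mean the user deliberately put shim into insecure mode, and the function
 * then reports Secure Boot as disabled.  Every failure or unexpected result
 * while reading that variable falls through to the secure default.
 *
 * Return: efi_secureboot_mode_unknown when the platform state cannot be
 * determined (an error is logged); otherwise the platform mode, overridden
 * to efi_secureboot_mode_disabled only by the MokSBStateRT check described
 * above.
 */
enum efi_secureboot_mode efi_get_secureboot(void)
{
    u32 attr;
    unsigned long size;
    enum efi_secureboot_mode mode;
    efi_status_t status;
    /*
     * Initialised so that the comparison below is well-defined even if the
     * lookup succeeds without writing a full byte into it.
     */
    u8 moksbstate = 0;

    mode = efi_get_secureboot_mode(get_var);
    if (mode == efi_secureboot_mode_unknown) {
        efi_err("Could not determine UEFI Secure Boot status.\n");
        return efi_secureboot_mode_unknown;
    }
    if (mode != efi_secureboot_mode_enabled)
        return mode;

    /*
     * See if a user has put the shim into insecure mode. If so, and if the
     * variable doesn't have the non-volatile attribute set, we might as
     * well honor that.  NOTE(review): the non-volatile test presumably
     * exists because a value that does not persist across reboots must have
     * been created during this boot (i.e. by shim) rather than planted
     * earlier from the OS - confirm against shim's MokSBStateRT handling.
     */
    size = sizeof(moksbstate);
    status = get_efi_var(shim_MokSBState_name, &shim_guid,
                 &attr, &size, &moksbstate);

    /* If it fails, we don't care why. Default to secure */
    if (status != EFI_SUCCESS)
        goto secure_boot_enabled;

    /*
     * @size is passed by reference so the lookup can report the variable's
     * actual length.  Only an exactly one-byte value can have filled
     * @moksbstate; anything else (e.g. an empty variable) is ignored rather
     * than risk honouring a byte the firmware never wrote.
     */
    if (size != sizeof(moksbstate))
        goto secure_boot_enabled;

    if (!(attr & EFI_VARIABLE_NON_VOLATILE) && moksbstate == 1)
        return efi_secureboot_mode_disabled;

secure_boot_enabled:
    efi_info("UEFI Secure Boot is enabled.\n");
    return efi_secureboot_mode_enabled;
}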