efi_loader: correct determination of secure boot state
When U-Boot is started we have to use the existing variables to determine in which secure boot state we are. * If a platform key PK is present and DeployedMode=1, we are in deployed mode. * If no platform key PK is present and AuditMode=1, we are in audit mode. * Otherwise if a platform key is present, we are in user mode. * Otherwise if no platform key is present, we are in setup mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
parent
b191aa429e
commit
7219856dae
1 changed files with 30 additions and 7 deletions
|
@ -314,17 +314,40 @@ err:
|
|||
|
||||
efi_status_t efi_init_secure_state(void)
|
||||
{
|
||||
enum efi_secure_mode mode = EFI_MODE_SETUP;
|
||||
enum efi_secure_mode mode;
|
||||
u8 efi_vendor_keys = 0;
|
||||
efi_uintn_t size = 0;
|
||||
efi_uintn_t size;
|
||||
efi_status_t ret;
|
||||
u8 deployed_mode = 0;
|
||||
u8 audit_mode = 0;
|
||||
u8 setup_mode = 1;
|
||||
|
||||
ret = efi_get_variable_int(L"PK", &efi_global_variable_guid,
|
||||
NULL, &size, NULL, NULL);
|
||||
if (ret == EFI_BUFFER_TOO_SMALL) {
|
||||
if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
|
||||
mode = EFI_MODE_USER;
|
||||
if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT)) {
|
||||
size = sizeof(deployed_mode);
|
||||
ret = efi_get_variable_int(u"DeployedMode", &efi_global_variable_guid,
|
||||
NULL, &size, &deployed_mode, NULL);
|
||||
size = sizeof(audit_mode);
|
||||
ret = efi_get_variable_int(u"AuditMode", &efi_global_variable_guid,
|
||||
NULL, &size, &audit_mode, NULL);
|
||||
size = 0;
|
||||
ret = efi_get_variable_int(u"PK", &efi_global_variable_guid,
|
||||
NULL, &size, NULL, NULL);
|
||||
if (ret == EFI_BUFFER_TOO_SMALL) {
|
||||
setup_mode = 0;
|
||||
audit_mode = 0;
|
||||
} else {
|
||||
setup_mode = 1;
|
||||
deployed_mode = 0;
|
||||
}
|
||||
}
|
||||
if (deployed_mode)
|
||||
mode = EFI_MODE_DEPLOYED;
|
||||
else if (audit_mode)
|
||||
mode = EFI_MODE_AUDIT;
|
||||
else if (setup_mode)
|
||||
mode = EFI_MODE_SETUP;
|
||||
else
|
||||
mode = EFI_MODE_USER;
|
||||
|
||||
ret = efi_transfer_secure_state(mode);
|
||||
if (ret != EFI_SUCCESS)
|
||||
|
|
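Review bot: The three `efi_get_variable_int()` calls inside the `IS_ENABLED(CONFIG_EFI_SECURE_BOOT)` block store their result in `ret`, but only the `PK` call is tested, and only against `EFI_BUFFER_TOO_SMALL`, so a read that fails for any reason other than a missing variable silently produces a less restrictive state. A failed `DeployedMode` read leaves `deployed_mode` at 0, and a failed `PK` read takes the `else` branch, which selects setup mode and clears `deployed_mode`. For the secure boot state machine that is a fail-open default. Assuming an absent variable is reported as `EFI_NOT_FOUND`, I would treat only that status as absence and propagate the rest: `if (ret != EFI_SUCCESS && ret != EFI_NOT_FOUND) return ret;` after the `DeployedMode` and `AuditMode` reads, and `else if (ret != EFI_NOT_FOUND) return ret;` ahead of the final `else` of the `PK` test. The function body continues past the end of the hunk, so an existing error path there may be the better place to route these returns.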