Commit 7a72592b authored by Gary Ching-Pang Lin's avatar Gary Ching-Pang Lin Committed by Peter Jones

Check the secure variables with the lib functions

There are functions defined in lib to check the secure variables.
Use the functions to shun the duplicate code.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

Conflicts:
	shim.c
parent 3b414422
......@@ -284,9 +284,12 @@ variable_is_setupmode(void)
/* set to 1 because we return true if SetupMode doesn't exist */
UINT8 SetupMode = 1;
UINTN DataSize = sizeof(SetupMode);
EFI_STATUS status;
uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
&DataSize, &SetupMode);
status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
&DataSize, &SetupMode);
if (EFI_ERROR(status))
return 1;
return SetupMode;
}
......@@ -297,10 +300,13 @@ variable_is_secureboot(void)
/* return false if variable doesn't exist */
UINT8 SecureBoot = 0;
UINTN DataSize;
EFI_STATUS status;
DataSize = sizeof(SecureBoot);
uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL,
&DataSize, &SecureBoot);
status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL,
&DataSize, &SecureBoot);
if (EFI_ERROR(status))
return 0;
return SecureBoot;
}
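Review bot: The comments above both defaults still say "doesn't exist", but the added `if (EFI_ERROR(status))` checks in variable_is_setupmode() and variable_is_secureboot() return the default for every GetVariable failure, not only a missing variable. That includes cases such as a size mismatch or a device error. I would reword them to something like `/* default to 1 (setup mode) on any GetVariable error, not only EFI_NOT_FOUND */` and `/* return 0 on any GetVariable error */`. It is also worth stating in a header comment that both functions return the raw UINT8 read from firmware rather than a normalised boolean, so callers making a trust decision should compare against 1 explicitly. Both function bodies begin above their hunks; only the signatures are visible in the `@@` lines.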
......
......@@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
static BOOLEAN secure_mode (void)
{
EFI_STATUS status;
EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
UINTN len;
UINT8 *Data;
UINT8 sb, setupmode;
if (user_insecure_mode)
return FALSE;
status = get_variable(L"SecureBoot", &Data, &len, global_var);
if (status != EFI_SUCCESS) {
if (variable_is_secureboot() != 1) {
if (verbose && !in_protocol)
console_notify(L"Secure boot not enabled");
return FALSE;
}
sb = *Data;
FreePool(Data);
if (sb != 1) {
if (verbose && !in_protocol)
console_notify(L"Secure boot not enabled");
return FALSE;
}
/* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
* then the implementation is bad, but we assume that secure boot is
* enabled according to the status of "SecureBoot". If we have both
* of them, then "SetupMode" may tell us additional data, and we need
* to consider it.
*/
status = get_variable(L"SetupMode", &Data, &len, global_var);
if (status != EFI_SUCCESS)
return TRUE;
setupmode = *Data;
FreePool(Data);
if (setupmode == 1) {
if (variable_is_setupmode() == 1) {
if (verbose && !in_protocol)
console_notify(L"Platform is in setup mode");
return FALSE;
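Review bot: `if (variable_is_setupmode() == 1)` makes secure_mode() return FALSE whenever SetupMode cannot be read, because variable_is_setupmode() in the lib hunk returns 1 on any GetVariable error. The block comment in this hunk says a platform that has SecureBoot but not SetupMode should still be treated as secure boot enabled, and the `get_variable(L"SetupMode", ...)` path being replaced returned TRUE in that case. On such firmware the result would flip to "not secure", which presumably lets callers skip verification, so the failure mode is fail-open. One option is to let the caller pick the default, e.g. `variable_is_setupmode(int default_return)` in lib and `if (variable_is_setupmode(0) == 1) {` here, while other callers keep passing 1. secure_mode()'s body continues past the end of the hunk.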
......