LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

efi_loader: factor out the common code from efi_transfer_secure_state() 

efi_set_secure_stat() provides the common code for each stat transition
caused by efi_transfer_secure_state().

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Correct description of return value.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
This commit is contained in:
AKASHI Takahiro 2020-04-21 09:39:20 +09:00 committed by Heinrich Schuchardt
parent 964d5326c9
commit f0ff75f249
1 changed files with 64 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
lib/efi_loader/efi_variable.c
View File

@ -176,6 +176,59 @@ static efi_status_t efi_set_variable_internal(u16 *variable_name,
const void *data, const void *data,
bool ro_check); bool ro_check);
/**
* efi_set_secure_state - modify secure boot state variables
* @sec_boot: value of SecureBoot
* @setup_mode: value of SetupMode
* @audit_mode: value of AuditMode
* @deployed_mode: value of DeployedMode
*
* Modify secure boot stat-related variables as indicated.
*
* Return: status code
*/
static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
int audit_mode, int deployed_mode)
{
u32 attributes;
efi_status_t ret;
attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS |
READ_ONLY;
ret = efi_set_variable_internal(L"SecureBoot",
&efi_global_variable_guid,
attributes,
sizeof(sec_boot), &sec_boot,
false);
if (ret != EFI_SUCCESS)
goto err;
ret = efi_set_variable_internal(L"SetupMode",
&efi_global_variable_guid,
attributes,
sizeof(setup_mode), &setup_mode,
false);
if (ret != EFI_SUCCESS)
goto err;
ret = efi_set_variable_internal(L"AuditMode",
&efi_global_variable_guid,
attributes,
sizeof(audit_mode), &audit_mode,
false);
if (ret != EFI_SUCCESS)
goto err;
ret = efi_set_variable_internal(L"DeployedMode",
&efi_global_variable_guid,
attributes,
sizeof(deployed_mode), &deployed_mode,
false);
err:
return ret;
}
/** /**
* efi_transfer_secure_state - handle a secure boot state transition * efi_transfer_secure_state - handle a secure boot state transition
* @mode: new state * @mode: new state
@ -188,157 +241,38 @@ static efi_status_t efi_set_variable_internal(u16 *variable_name,
*/ */
static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode) static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
{ {
u32 attributes;
u8 val;
efi_status_t ret; efi_status_t ret;
debug("Secure state from %d to %d\n", efi_secure_mode, mode); debug("Switching secure state from %d to %d\n", efi_secure_mode, mode);
attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS;
if (mode == EFI_MODE_DEPLOYED) { if (mode == EFI_MODE_DEPLOYED) {
val = 1; ret = efi_set_secure_state(1, 0, 0, 1);
ret = efi_set_variable_internal(L"SecureBoot",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"SetupMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"AuditMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 1;
ret = efi_set_variable_internal(L"DeployedMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
efi_secure_boot = true; efi_secure_boot = true;
} else if (mode == EFI_MODE_AUDIT) { } else if (mode == EFI_MODE_AUDIT) {
ret = efi_set_variable_internal(L"PK", ret = efi_set_variable_internal(
&efi_global_variable_guid, L"PK", &efi_global_variable_guid,
attributes, EFI_VARIABLE_BOOTSERVICE_ACCESS |
0, NULL, EFI_VARIABLE_RUNTIME_ACCESS,
false); 0, NULL, false);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
val = 0;
ret = efi_set_variable_internal(L"SecureBoot", ret = efi_set_secure_state(0, 1, 1, 0);
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 1;
ret = efi_set_variable_internal(L"SetupMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 1;
ret = efi_set_variable_internal(L"AuditMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"DeployedMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
efi_secure_boot = true; efi_secure_boot = true;
} else if (mode == EFI_MODE_USER) { } else if (mode == EFI_MODE_USER) {
val = 1; ret = efi_set_secure_state(1, 0, 0, 0);
ret = efi_set_variable_internal(L"SecureBoot",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"SetupMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"AuditMode",
&efi_global_variable_guid,
attributes,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"DeployedMode",
&efi_global_variable_guid,
attributes,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
efi_secure_boot = true; efi_secure_boot = true;
} else if (mode == EFI_MODE_SETUP) { } else if (mode == EFI_MODE_SETUP) {
val = 0; ret = efi_set_secure_state(0, 1, 0, 0);
ret = efi_set_variable_internal(L"SecureBoot",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 1;
ret = efi_set_variable_internal(L"SetupMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"AuditMode",
&efi_global_variable_guid,
attributes,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS)
goto err;
val = 0;
ret = efi_set_variable_internal(L"DeployedMode",
&efi_global_variable_guid,
attributes | READ_ONLY,
sizeof(val), &val,
false);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto err; goto err;
} else { } else {