From 6eb407947592e084110a124be089bef167af1383 Mon Sep 17 00:00:00 2001
From: kuqin <kuqin@microsoft.com>
Date: Fri, 15 Apr 2022 13:03:22 -0700
Subject: [PATCH] SecurityPkg: SecureBootVariableLib: Added newly supported
interfaces
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911
This change updated the interfaces provided by SecureBootVariableLib.
The new additions provided interfaces to enroll single authenticated
variable from input, a helper function to query secure boot status,
enroll all secure boot variables from UefiSecureBoot.h defined data
structures, as well as a routine that deletes all secure boot related
variables.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
[ dannf: Context adjustments ]
Origin: https://github.com/tianocore/edk2/commit/6eb407947592e084110a124be089bef167af1383
Bug: https://bugzilla.tianocore.org/show_bug.cgi?id=4641
Bug-Ubuntu: https://launchpad.net/bugs/2040137
Last-Update: 2024-02-13
@@ -26,4 +26,17 @@
OUT UINT8 *SetupMode
);
+/**
+ Helper function to quickly determine whether SecureBoot is enabled.
+
+ @retval TRUE SecureBoot is verifiably enabled.
+ @retval FALSE SecureBoot is either disabled or an error prevented checkng.
+
+**/
+BOOLEAN
+EFIAPI
+IsSecureBootEnabled (
+ VOID
+ );
+
#endif
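Review bot: the `@retval FALSE` line of this header comment misspells "checking" as "checkng" (the copy above the implementation spells it correctly), and it is the only place a caller learns that FALSE covers both "SecureBoot disabled" and "the variable could not be read". A caller that gates verification on this helper will treat a read error the same as Secure Boot being off, so I would fix the typo and add a sentence stating that FALSE is not proof that Secure Boot is disabled.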
@@ -51,3 +51,41 @@
return EFI_SUCCESS;
}
+
+/**
+ Helper function to quickly determine whether SecureBoot is enabled.
+
+ @retval TRUE SecureBoot is verifiably enabled.
+ @retval FALSE SecureBoot is either disabled or an error prevented checking.
+
+**/
+BOOLEAN
+EFIAPI
+IsSecureBootEnabled (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *SecureBoot;
+
+ SecureBoot = NULL;
+
+ Status = GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID **)&SecureBoot, NULL);
+ //
+ // Skip verification if SecureBoot variable doesn't exist.
+ //
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Cannot check SecureBoot variable %r \n ", Status));
+ return FALSE;
+ }
+
+ //
+ // Skip verification if SecureBoot is disabled but not AuditMode
+ //
+ if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
+ FreePool (SecureBoot);
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
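Review bot: the final `else { return TRUE; }` branch of IsSecureBootEnabled returns without `FreePool (SecureBoot)`, so the buffer allocated by GetEfiGlobalVariable2 is leaked on every call where Secure Boot is enabled; only the SECURE_BOOT_MODE_DISABLE branch frees it. Suggest copying the comparison result into a local BOOLEAN, freeing the buffer once, and returning the local. Two smaller points: NULL is passed for the size argument, so the `*SecureBoot` dereference trusts the variable to hold at least one byte, and the two "Skip verification" comments describe a caller's decision rather than what this helper does.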