bool ro_check);
/**
+ * efi_set_secure_state - modify secure boot state variables
+ * @sec_boot: value of SecureBoot
+ * @setup_mode: value of SetupMode
+ * @audit_mode: value of AuditMode
+ * @deployed_mode: value of DeployedMode
+ *
+ * Modify secure boot stat-related variables as indicated.
+ *
+ * Return: status code
+ */
+static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
+ int audit_mode, int deployed_mode)
+{
+ u32 attributes;
+ efi_status_t ret;
+
+ attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ READ_ONLY;
+ ret = efi_set_variable_internal(L"SecureBoot",
+ &efi_global_variable_guid,
+ attributes,
+ sizeof(sec_boot), &sec_boot,
+ false);
+ if (ret != EFI_SUCCESS)
+ goto err;
+
+ ret = efi_set_variable_internal(L"SetupMode",
+ &efi_global_variable_guid,
+ attributes,
+ sizeof(setup_mode), &setup_mode,
+ false);
+ if (ret != EFI_SUCCESS)
+ goto err;
+
+ ret = efi_set_variable_internal(L"AuditMode",
+ &efi_global_variable_guid,
+ attributes,
+ sizeof(audit_mode), &audit_mode,
+ false);
+ if (ret != EFI_SUCCESS)
+ goto err;
+
+ ret = efi_set_variable_internal(L"DeployedMode",
+ &efi_global_variable_guid,
+ attributes,
+ sizeof(deployed_mode), &deployed_mode,
+ false);
+err:
+ return ret;
+}
+
+/**
* efi_transfer_secure_state - handle a secure boot state transition
* @mode: new state
*
*/
static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
{
- u32 attributes;
- u8 val;
efi_status_t ret;
- debug("Secure state from %d to %d\n", efi_secure_mode, mode);
+ debug("Switching secure state from %d to %d\n", efi_secure_mode, mode);
- attributes = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_RUNTIME_ACCESS;
if (mode == EFI_MODE_DEPLOYED) {
- val = 1;
- ret = efi_set_variable_internal(L"SecureBoot",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"SetupMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"AuditMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 1;
- ret = efi_set_variable_internal(L"DeployedMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
+ ret = efi_set_secure_state(1, 0, 0, 1);
if (ret != EFI_SUCCESS)
goto err;
efi_secure_boot = true;
} else if (mode == EFI_MODE_AUDIT) {
- ret = efi_set_variable_internal(L"PK",
- &efi_global_variable_guid,
- attributes,
- 0, NULL,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"SecureBoot",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
+ ret = efi_set_variable_internal(
+ L"PK", &efi_global_variable_guid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ 0, NULL, false);
if (ret != EFI_SUCCESS)
goto err;
- val = 1;
- ret = efi_set_variable_internal(L"SetupMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 1;
- ret = efi_set_variable_internal(L"AuditMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"DeployedMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
+
+ ret = efi_set_secure_state(0, 1, 1, 0);
if (ret != EFI_SUCCESS)
goto err;
efi_secure_boot = true;
} else if (mode == EFI_MODE_USER) {
- val = 1;
- ret = efi_set_variable_internal(L"SecureBoot",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"SetupMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"AuditMode",
- &efi_global_variable_guid,
- attributes,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"DeployedMode",
- &efi_global_variable_guid,
- attributes,
- sizeof(val), &val,
- false);
+ ret = efi_set_secure_state(1, 0, 0, 0);
if (ret != EFI_SUCCESS)
goto err;
efi_secure_boot = true;
} else if (mode == EFI_MODE_SETUP) {
- val = 0;
- ret = efi_set_variable_internal(L"SecureBoot",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 1;
- ret = efi_set_variable_internal(L"SetupMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"AuditMode",
- &efi_global_variable_guid,
- attributes,
- sizeof(val), &val,
- false);
- if (ret != EFI_SUCCESS)
- goto err;
- val = 0;
- ret = efi_set_variable_internal(L"DeployedMode",
- &efi_global_variable_guid,
- attributes | READ_ONLY,
- sizeof(val), &val,
- false);
+ ret = efi_set_secure_state(0, 1, 0, 0);
if (ret != EFI_SUCCESS)
goto err;
} else {
efi_status_t EFIAPI efi_get_variable_common(u16 *variable_name,
const efi_guid_t *vendor,
u32 *attributes,
- efi_uintn_t *data_size, void *data,
- bool is_non_volatile)
+ efi_uintn_t *data_size, void *data)
{
char *native_name;
efi_status_t ret;
return ret;
}
-static
-efi_status_t EFIAPI efi_get_volatile_variable(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 *attributes,
- efi_uintn_t *data_size,
- void *data)
-{
- return efi_get_variable_common(variable_name, vendor, attributes,
- data_size, data, false);
-}
-
-efi_status_t EFIAPI efi_get_nonvolatile_variable(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 *attributes,
- efi_uintn_t *data_size,
- void *data)
-{
- return efi_get_variable_common(variable_name, vendor, attributes,
- data_size, data, true);
-}
-
/**
* efi_efi_get_variable() - retrieve value of a UEFI variable
*
EFI_ENTRY("\"%ls\" %pUl %p %p %p", variable_name, vendor, attributes,
data_size, data);
- ret = efi_get_volatile_variable(variable_name, vendor, attributes,
- data_size, data);
- if (ret == EFI_NOT_FOUND)
- ret = efi_get_nonvolatile_variable(variable_name, vendor,
- attributes, data_size, data);
-
+ ret = efi_get_variable_common(variable_name, vendor, attributes,
+ data_size, data);
return EFI_EXIT(ret);
}
projects / platform / kernel / u-boot.git / blobdiff