mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2025-01-27 05:50:04 +07:00
966291f634
The macros efi_call_early and efi_call_runtime are used to call EFI boot services and runtime services, respectively. However, the naming is confusing, given that the early vs runtime distinction may suggest that these are used for calling the same set of services either early or late (== at runtime), while in reality, the sets of services they can be used with are completely disjoint, and efi_call_runtime is also only usable in 'early' code. So do a global sweep to replace all occurrences with efi_bs_call or efi_rt_call, respectively, where BS and RT match the idiom used by the UEFI spec to refer to boot time or runtime services. While at it, use 'func' as the macro parameter name for the function pointers, which is less likely to collide and cause weird build errors. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Cc: Arvind Sankar <nivedita@alum.mit.edu> Cc: Borislav Petkov <bp@alien8.de> Cc: James Morse <james.morse@arm.com> Cc: Matt Fleming <matt@codeblueprint.co.uk> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-efi@vger.kernel.org Link: https://lkml.kernel.org/r/20191224151025.32482-24-ardb@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
77 lines
2.1 KiB
C
// SPDX-License-Identifier: GPL-2.0
/*
 * Secure boot handling.
 *
 * Copyright (C) 2013,2014 Linaro Limited
 *     Roy Franz <roy.franz@linaro.org>
 * Copyright (C) 2013 Red Hat, Inc.
 *     Mark Salter <msalter@redhat.com>
 */
#include <linux/efi.h>
#include <asm/efi.h>
#include "efistub.h"
/*
 * BIOS variables: SecureBoot and SetupMode are looked up under the EFI
 * global variable GUID. The names are wide (efi_char16_t) strings.
 */
static const efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
static const efi_char16_t efi_SecureBoot_name[] = L"SecureBoot";
static const efi_char16_t efi_SetupMode_name[] = L"SetupMode";

/*
 * SHIM variables: MokSBState is looked up under the shim lock GUID, a
 * different vendor GUID from the one used for the two variables above.
 */
static const efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
static const efi_char16_t shim_MokSBState_name[] = L"MokSBState";
/*
 * Determine whether we're in secure boot mode.
 *
 * Up to three one-byte variables are read, in this order:
 *   1. SecureBoot (EFI global GUID): EFI_NOT_FOUND => disabled, any other
 *      failure => unknown.
 *   2. SetupMode (EFI global GUID): any failure => unknown.
 *   3. MokSBState (shim GUID): only consulted once the first two indicate
 *      that Secure Boot is on; any failure leaves the answer at enabled.
 *
 * Returns efi_secureboot_mode_disabled, efi_secureboot_mode_enabled or
 * efi_secureboot_mode_unknown. "unknown" means a variable read failed; it
 * does not mean Secure Boot is off.
 *
 * Please keep the logic in sync with
 * arch/x86/xen/efi.c:xen_efi_get_secureboot().
 */
enum efi_secureboot_mode efi_get_secureboot(void)
{
	efi_status_t ret;
	unsigned long len;
	u32 mok_attr;
	u8 sb_val, setup_val, mok_val;

	/* A missing SecureBoot variable is reported as disabled, not as an error. */
	len = sizeof(sb_val);
	ret = get_efi_var(efi_SecureBoot_name, &efi_variable_guid, NULL, &len,
			  &sb_val);
	if (ret == EFI_NOT_FOUND)
		return efi_secureboot_mode_disabled;
	if (ret != EFI_SUCCESS)
		goto status_unknown;

	/* SetupMode must be readable too; there is no "not found" shortcut here. */
	len = sizeof(setup_val);
	ret = get_efi_var(efi_SetupMode_name, &efi_variable_guid, NULL, &len,
			  &setup_val);
	if (ret != EFI_SUCCESS)
		goto status_unknown;

	/* Either SecureBoot == 0 or SetupMode == 1 means disabled. */
	if (setup_val == 1 || sb_val == 0)
		return efi_secureboot_mode_disabled;

	/*
	 * See if a user has put the shim into insecure mode. If so, and if the
	 * variable doesn't have the runtime attribute set, we might as well
	 * honor that.
	 *
	 * NOTE(review): the attribute test is presumably there because a
	 * runtime-accessible variable could have been written from a running
	 * OS rather than before boot services ended, so it cannot be taken as
	 * the user's choice - confirm against shim's documentation.
	 */
	len = sizeof(mok_val);
	ret = get_efi_var(shim_MokSBState_name, &shim_guid, &mok_attr, &len,
			  &mok_val);

	/*
	 * If the read fails, we don't care why: default to secure. mok_attr
	 * and mok_val are only inspected after a successful read.
	 */
	if (ret == EFI_SUCCESS && mok_val == 1 &&
	    !(mok_attr & EFI_VARIABLE_RUNTIME_ACCESS))
		return efi_secureboot_mode_disabled;

	pr_efi("UEFI Secure Boot is enabled.\n");
	return efi_secureboot_mode_enabled;

status_unknown:
	pr_efi_err("Could not determine UEFI Secure Boot status.\n");
	return efi_secureboot_mode_unknown;
}