Move the check for the SBAT variable properties to its own function.

This moves the check for the SBAT variable's attributes and contents
into its own function, so that test cases can be written against it.

Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>

2 files changed, 10 insertions, 4 deletions

diff --git a/include/sbat.h b/include/sbat.h
index 5db82379..656bf8d7 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -51,6 +51,7 @@ extern list_t sbat_var;
 EFI_STATUS parse_sbat_var(list_t *entries);
 void cleanup_sbat_var(list_t *entries);
 EFI_STATUS set_sbat_uefi_variable(void);
+bool preserve_sbat_uefi_variable(UINT8 *sbat, UINTN sbatsize, UINT32 attributes);
 
 struct sbat_section_entry {
 	const CHAR8 *component_name;
diff --git a/sbat.c b/sbat.c
index 89c08417..7bd0e4ec 100644
--- a/sbat.c
+++ b/sbat.c
@@ -304,6 +304,14 @@ check_sbat_var_attributes(UINT32 attributes)
 #endif
 }
 
+bool
+preserve_sbat_uefi_variable(UINT8 *sbat, UINTN sbatsize, UINT32 attributes)
+{
+	return check_sbat_var_attributes(attributes) &&
+	       sbatsize >= strlen(SBAT_VAR_SIG "1") &&
+	       strncmp((const char *)sbat, SBAT_VAR_SIG, strlen(SBAT_VAR_SIG));
+}
+
 EFI_STATUS
 set_sbat_uefi_variable(void)
 {
@@ -323,10 +331,7 @@ set_sbat_uefi_variable(void)
 	 */
 	if (EFI_ERROR(efi_status)) {
 		dprint(L"SBAT read failed %r\n", efi_status);
-	} else if (check_sbat_var_attributes(attributes) &&
-		   sbatsize >= strlen(SBAT_VAR_SIG "1") &&
-		   strncmp((const char *)sbat, SBAT_VAR_SIG,
-	                   strlen(SBAT_VAR_SIG))) {
+	} else if (preserve_sbat_uefi_variable(sbat, sbatsize, attributes)) {
 		dprint("SBAT variable is %d bytes, attributes are 0x%08x\n",
 		       sbatsize, attributes);
 		FreePool(sbat);