diff options
| author | Gary Ching-Pang Lin <glin@suse.com> | 2012-09-11 16:34:25 +0800 |
|---|---|---|
| committer | Gary Ching-Pang Lin <glin@suse.com> | 2012-09-11 16:34:25 +0800 |
| commit | e470969e4ebd029eaceebcd065af1461a52fe83d (patch) | |
| tree | 003a5c88712aed678aa1b4a85d2ad825500ba62b | |
| parent | 31d3bd054ad0b25ccb53daf16ce34d6d295499bc (diff) | |
| download | efi-boot-shim-e470969e4ebd029eaceebcd065af1461a52fe83d.tar.gz efi-boot-shim-e470969e4ebd029eaceebcd065af1461a52fe83d.zip | |
Only launch MokManager when necessary
| -rw-r--r-- | shim.c | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -87,6 +87,16 @@ static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid, UINT32 *attributes, return efi_status; } +static EFI_STATUS delete_variable (CHAR16 *name, EFI_GUID guid) +{ + EFI_STATUS efi_status; + + efi_status = uefi_call_wrapper(RT->SetVariable, 5, name, &guid, + 0, 0, (UINT8 *)NULL); + + return efi_status; +} + /* * Perform basic bounds checking of the intra-image pointers */ @@ -940,13 +950,24 @@ done: EFI_STATUS check_mok_request(EFI_HANDLE image_handle) { + EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; EFI_STATUS efi_status; EFI_LOADED_IMAGE *li; EFI_DEVICE_PATH *mokpath; CHAR16 *PathName; EFI_GUID loaded_image_protocol = LOADED_IMAGE_PROTOCOL; + UINTN uint8size = sizeof(UINT8); + UINT8 MokMgmt = 0; + UINT32 attributes; + + if (!secure_mode()) + return EFI_SUCCESS; - /* TODO Check whether there is a request */ + efi_status = get_variable(L"MokMgmt", shim_lock_guid, &attributes, + &uint8size, (void *)&MokMgmt); + + if (efi_status != EFI_SUCCESS || MokMgmt == 0) + goto done; efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle, &loaded_image_protocol, &li); @@ -970,6 +991,11 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) goto done; } done: + if (MokMgmt == 1) { + if (delete_variable(L"MokMgmt", shim_lock_guid) != EFI_SUCCESS) { + Print(L"Failed to delete MokMgmt\n"); + } + } return efi_status; } |