shim: add HSIStatus feature

hughsie asked me if I can make shim tell userland what kinds of accesses are allowed to the heap, stack, and allocations on the running platform, so that these could be reported up through fwupd's Host Security ID program (see https://fwupd.github.io/libfwupdplugin/hsi.html ). This adds a new config-only (i.e. not a UEFI variable) variable generated during boot, "/sys/firmware/efi/mok-variables/HSIStatus", which tells us those properties as well as if the EFI Memory Attribute Protocol is present. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2024-05-15 16:13:13 -0400
committer: Peter Jones <pjones@redhat.com> 2025-02-24 15:24:24 -0500
commit: 848667d0f3a99401d93c93b3af16b55e3fb28cea (patch)
tree: dea7e69bef8e20ed687b38c99b7f7e06d3f7abbd /globals.c
parent: 589c3f289e05454be23507767439cb9769a2264a (diff)
download: efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.tar.gz
efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/globals.c b/globals.c
index d574df16..de64c44c 100644
--- a/globals.c
+++ b/globals.c
@@ -28,6 +28,7 @@ verification_method_t verification_method;
 SHIM_IMAGE_LOADER shim_image_loader_interface;
 
 UINT8 user_insecure_mode;
+UINTN hsi_status = 0;
 UINT8 ignore_db;
 UINT8 trust_mok_list;
 UINT8 mok_policy = 0;
author	Peter Jones <pjones@redhat.com>	2024-05-15 16:13:13 -0400
committer	Peter Jones <pjones@redhat.com>	2025-02-24 15:24:24 -0500
commit	848667d0f3a99401d93c93b3af16b55e3fb28cea (patch)
tree	dea7e69bef8e20ed687b38c99b7f7e06d3f7abbd /globals.c
parent	589c3f289e05454be23507767439cb9769a2264a (diff)
download	efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.tar.gz efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.zip