shim: add HSIStatus feature

hughsie asked me if I can make shim tell userland what kinds of accesses are allowed to the heap, stack, and allocations on the running platform, so that these could be reported up through fwupd's Host Security ID program (see https://fwupd.github.io/libfwupdplugin/hsi.html ). This adds a new config-only (i.e. not a UEFI variable) variable generated during boot, "/sys/firmware/efi/mok-variables/HSIStatus", which tells us those properties as well as if the EFI Memory Attribute Protocol is present. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2024-05-15 16:13:13 -0400
committer: Peter Jones <pjones@redhat.com> 2025-02-24 15:24:24 -0500
commit: 848667d0f3a99401d93c93b3af16b55e3fb28cea (patch)
tree: dea7e69bef8e20ed687b38c99b7f7e06d3f7abbd /include/memattrs.h
parent: 589c3f289e05454be23507767439cb9769a2264a (diff)
download: efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.tar.gz
efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/include/memattrs.h b/include/memattrs.h
index 8fefef22..5c40b4cc 100644
--- a/include/memattrs.h
+++ b/include/memattrs.h
@@ -11,5 +11,7 @@ extern EFI_STATUS get_mem_attrs (uintptr_t addr, size_t size, uint64_t *attrs);
 extern EFI_STATUS update_mem_attrs(uintptr_t addr, uint64_t size,
 				   uint64_t set_attrs, uint64_t clear_attrs);
 
+extern void get_hsi_mem_info(void);
+
 #endif /* !SHIM_MEMATTRS_H_ */
 // vim:fenc=utf-8:tw=75:noet
author	Peter Jones <pjones@redhat.com>	2024-05-15 16:13:13 -0400
committer	Peter Jones <pjones@redhat.com>	2025-02-24 15:24:24 -0500
commit	848667d0f3a99401d93c93b3af16b55e3fb28cea (patch)
tree	dea7e69bef8e20ed687b38c99b7f7e06d3f7abbd /include/memattrs.h
parent	589c3f289e05454be23507767439cb9769a2264a (diff)
download	efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.tar.gz efi-boot-shim-848667d0f3a99401d93c93b3af16b55e3fb28cea.zip