authorSteve Langasek <steve.langasek@canonical.com>2019-02-09 21:28:06 -0800
committerSteve Langasek <steve.langasek@canonical.com>2019-02-09 21:32:44 -0800
commitab4c731c1dd379acd3e95971af57401fb0a650a1 (patch)
tree6a26fb8d0746cbbaa6c2d4b242c73442bcc1df06 /lib
parent0d63079c7da8e86104ce4bbdae2f6cb8d2ea40c6 (diff)
parent9c12130f9cd2ae11a9336813dd1f1669c0b64ad0 (diff)
* New upstream release.debian/15+1533136590.3beb971-1
- debian/patches/second-stage-path: dropped; the default loader path now includes an arch suffix. - debian/patches/sbsigntool-no-pesign: dropped; no longer needed. * Drop remaining patches that were not being applied. * Sync packaging from Ubuntu: - debian/copyright: Update upstream source location. - debian/control: add a Build-Depends on libelf-dev. - Enable arm64 build. - debian/patches/fixup_git.patch: don't run git in clean; we're not really in a git tree. - debian/rules, debian/shim.install: use the upstream install target as intended, and move files to the target directory using dh_install. - define RELEASE and COMMIT_ID for the snapshot. - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream options: set MAKELEVEL. - Define an EFI_ARCH variable, and use that for paths to shim. This makes it possible to build a shim for other architectures than amd64. - Set EFIDIR=$distro for dh_auto_install; that will let files be installed in the "right" final directories, and makes boot.csv for us. - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built at compile-time for MokManager and fallback. - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback and MokManager.
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile5
-rw-r--r--lib/configtable.c33
-rw-r--r--lib/console.c272
-rw-r--r--lib/execute.c35
-rw-r--r--lib/guid.c27
-rw-r--r--lib/security_policy.c104
-rw-r--r--lib/shell.c16
-rw-r--r--lib/simple_file.c194
-rw-r--r--lib/variables.c260
9 files changed, 511 insertions, 435 deletions
diff --git a/lib/Makefile b/lib/Makefile
index d93a26de..db5ff711 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -2,10 +2,11 @@ TARGET = lib.a
LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o
-EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I../include
+EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I$(TOPDIR)/../include \
+ -I$(TOPDIR)/CryptLib/Include/openssl/
lib.a: $(LIBFILES)
- ar rcs lib.a $(LIBFILES)
+ $(AR) rcs lib.a $(LIBFILES)
all: $(TARGET)
diff --git a/lib/configtable.c b/lib/configtable.c
index edf2ed74..df047f0e 100644
--- a/lib/configtable.c
+++ b/lib/configtable.c
@@ -8,8 +8,7 @@
#include <efi.h>
#include <efilib.h>
-#include <guid.h>
-#include <configtable.h>
+#include "shim.h"
void *
configtable_get_table(EFI_GUID *guid)
@@ -46,26 +45,26 @@ configtable_find_image(const EFI_DEVICE_PATH *DevicePath)
int i;
for (i = 0; i < entries; i++) {
#ifdef DEBUG_CONFIG
- Print(L"InfoSize = %d Action = %d\n", e->InfoSize, e->Action);
+ console_print(L"InfoSize = %d Action = %d\n", e->InfoSize, e->Action);
/* print what we have for debugging */
UINT8 *d = (UINT8 *)e; // + sizeof(UINT32)*2;
- Print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
d += 16;
- Print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
d += 16;
- Print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
d += 16;
- Print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
d += 16;
- Print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
d += 16;
- Print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
+ console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
#endif
CHAR16 *name = (CHAR16 *)(e->Data);
@@ -77,33 +76,33 @@ configtable_find_image(const EFI_DEVICE_PATH *DevicePath)
if (name[0] == '\0' || (e->Data[1] == 0 && e->Data[3] == 0)) {
skip = StrSize(name);
#ifdef DEBUG_CONFIG
- Print(L"FOUND NAME %s (%d)\n", name, skip);
+ console_print(L"FOUND NAME %s (%d)\n", name, skip);
#endif
}
EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)(e->Data + skip), *dpn = dp;
if (dp->Type == 0 || dp->Type > 6 || dp->SubType == 0
|| ((unsigned)((dp->Length[1] << 8) + dp->Length[0]) > e->InfoSize)) {
/* Parse error, table corrupt, bail */
- Print(L"Image Execution Information table corrupt\n");
+ console_print(L"Image Execution Information table corrupt\n");
break;
}
UINTN Size;
DevicePathInstance(&dpn, &Size);
#ifdef DEBUG_CONFIG
- Print(L"Path: %s\n", DevicePathToStr(dp));
- Print(L"Device Path Size %d\n", Size);
+ console_print(L"Path: %s\n", DevicePathToStr(dp));
+ console_print(L"Device Path Size %d\n", Size);
#endif
if (Size > e->InfoSize) {
/* parse error; the platform obviously has a
* corrupted image table; bail */
- Print(L"Image Execution Information table corrupt\n");
+ console_print(L"Image Execution Information table corrupt\n");
break;
}
if (CompareMem(dp, (void *)DevicePath, Size) == 0) {
#ifdef DEBUG_CONFIG
- Print(L"***FOUND\n");
+ console_print(L"***FOUND\n");
console_get_keystroke();
#endif
return e;
@@ -112,7 +111,7 @@ configtable_find_image(const EFI_DEVICE_PATH *DevicePath)
}
#ifdef DEBUG_CONFIG
- Print(L"***NOT FOUND\n");
+ console_print(L"***NOT FOUND\n");
console_get_keystroke();
#endif
@@ -135,7 +134,7 @@ configtable_image_is_forbidden(const EFI_DEVICE_PATH *DevicePath)
|| e->Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED)) {
/* this means the images signing key is in dbx */
#ifdef DEBUG_CONFIG
- Print(L"SIGNATURE IS IN DBX, FORBIDDING EXECUTION\n");
+ console_print(L"SIGNATURE IS IN DBX, FORBIDDING EXECUTION\n");
#endif
return 1;
}
diff --git a/lib/console.c b/lib/console.c
index 3fee403e..3aee41cd 100644
--- a/lib/console.c
+++ b/lib/console.c
@@ -6,19 +6,12 @@
*/
#include <efi.h>
#include <efilib.h>
+#include <stdarg.h>
+#include <stdbool.h>
-#include <console.h>
-#include <variables.h>
-#include <errors.h>
+#include "shim.h"
-static EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
-
-static int min(int a, int b)
-{
- if (a < b)
- return a;
- return b;
-}
+static UINT8 console_text_mode = 0;
static int
count_lines(CHAR16 *str_arr[])
@@ -43,17 +36,95 @@ SetMem16(CHAR16 *dst, UINT32 n, CHAR16 c)
EFI_STATUS
console_get_keystroke(EFI_INPUT_KEY *key)
{
+ SIMPLE_INPUT_INTERFACE *ci = ST->ConIn;
UINTN EventIndex;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
do {
- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &EventIndex);
- status = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, key);
- } while (status == EFI_NOT_READY);
+ gBS->WaitForEvent(1, &ci->WaitForKey, &EventIndex);
+ efi_status = ci->ReadKeyStroke(ci, key);
+ } while (efi_status == EFI_NOT_READY);
- return status;
+ return efi_status;
}
+static VOID setup_console (int text)
+{
+ EFI_STATUS efi_status;
+ EFI_CONSOLE_CONTROL_PROTOCOL *concon;
+ static EFI_CONSOLE_CONTROL_SCREEN_MODE mode =
+ EfiConsoleControlScreenGraphics;
+ EFI_CONSOLE_CONTROL_SCREEN_MODE new_mode;
+
+ efi_status = LibLocateProtocol(&EFI_CONSOLE_CONTROL_GUID,
+ (VOID **)&concon);
+ if (EFI_ERROR(efi_status))
+ return;
+
+ if (text) {
+ new_mode = EfiConsoleControlScreenText;
+
+ efi_status = concon->GetMode(concon, &mode, 0, 0);
+ /* If that didn't work, assume it's graphics */
+ if (EFI_ERROR(efi_status))
+ mode = EfiConsoleControlScreenGraphics;
+ if (text < 0) {
+ if (mode == EfiConsoleControlScreenGraphics)
+ console_text_mode = 0;
+ else
+ console_text_mode = 1;
+ return;
+ }
+ } else {
+ new_mode = mode;
+ }
+
+ concon->SetMode(concon, new_mode);
+ console_text_mode = text;
+}
+
+VOID console_fini(VOID)
+{
+ if (console_text_mode)
+ setup_console(0);
+}
+
+UINTN
+console_print(const CHAR16 *fmt, ...)
+{
+ va_list args;
+ UINTN ret;
+
+ if (!console_text_mode)
+ setup_console(1);
+
+ va_start(args, fmt);
+ ret = VPrint(fmt, args);
+ va_end(args);
+
+ return ret;
+}
+
+UINTN
+console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...)
+{
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+ va_list args;
+ UINTN ret;
+
+ if (!console_text_mode)
+ setup_console(1);
+
+ co->SetCursorPosition(co, col, row);
+
+ va_start(args, fmt);
+ ret = VPrint(fmt, args);
+ va_end(args);
+
+ return ret;
+}
+
+
void
console_print_box_at(CHAR16 *str_arr[], int highlight,
int start_col, int start_row,
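Review bot: setup_console's `text` argument carries three meanings, and the new static definition has no comment saying so. A positive value switches to text mode, zero restores the mode saved by the earlier GetMode call, and a negative value only records the current mode in console_text_mode without calling SetMode. I would add above the definition `/* text > 0: switch to text mode; text == 0: restore the saved mode; text < 0: probe only, set console_text_mode from GetMode */`. The result of `concon->SetMode` is also discarded before `console_text_mode = text;`, so the flag can claim text mode after a failed switch; if that is deliberate, a short comment should say so.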
@@ -68,7 +139,10 @@ console_print_box_at(CHAR16 *str_arr[], int highlight,
if (lines == 0)
return;
- uefi_call_wrapper(co->QueryMode, 4, co, co->Mode->Mode, &cols, &rows);
+ if (!console_text_mode)
+ setup_console(1);
+
+ co->QueryMode(co, co->Mode->Mode, &cols, &rows);
/* last row on screen is unusable without scrolling, so ignore it */
rows--;
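Review bot: The status of `co->QueryMode(co, co->Mode->Mode, &cols, &rows)` in console_print_box_at is discarded, yet `cols` and `rows` are used immediately afterwards (`rows--` and the off-screen test further down). Their declarations are outside the hunk, so whether they are initialised cannot be confirmed here. If they are not, a failed call leaves the box geometry computed from indeterminate values. A fallback such as `if (EFI_ERROR(co->QueryMode(co, co->Mode->Mode, &cols, &rows))) { cols = 80; rows = 25; }` keeps the drawing bounded. The same unchecked call is added in the console_select hunk.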
@@ -88,8 +162,8 @@ console_print_box_at(CHAR16 *str_arr[], int highlight,
start_row = 0;
if (start_col > (int)cols || start_row > (int)rows) {
- Print(L"Starting Position (%d,%d) is off screen\n",
- start_col, start_row);
+ console_print(L"Starting Position (%d,%d) is off screen\n",
+ start_col, start_row);
return;
}
if (size_cols + start_col > (int)cols)
@@ -102,7 +176,7 @@ console_print_box_at(CHAR16 *str_arr[], int highlight,
Line = AllocatePool((size_cols+1)*sizeof(CHAR16));
if (!Line) {
- Print(L"Failed Allocation\n");
+ console_print(L"Failed Allocation\n");
return;
}
@@ -111,8 +185,8 @@ console_print_box_at(CHAR16 *str_arr[], int highlight,
Line[0] = BOXDRAW_DOWN_RIGHT;
Line[size_cols - 1] = BOXDRAW_DOWN_LEFT;
Line[size_cols] = L'\0';
- uefi_call_wrapper(co->SetCursorPosition, 3, co, start_col, start_row);
- uefi_call_wrapper(co->OutputString, 2, co, Line);
+ co->SetCursorPosition(co, start_col, start_row);
+ co->OutputString(co, Line);
int start;
if (offset == 0)
@@ -143,19 +217,21 @@ console_print_box_at(CHAR16 *str_arr[], int highlight,
CopyMem(Line + col + 1, s, min(len, size_cols - 2)*2);
}
if (line >= 0 && line == highlight)
- uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLACK);
- uefi_call_wrapper(co->SetCursorPosition, 3, co, start_col, i);
- uefi_call_wrapper(co->OutputString, 2, co, Line);
+ co->SetAttribute(co, EFI_LIGHTGRAY |
+ EFI_BACKGROUND_BLACK);
+ co->SetCursorPosition(co, start_col, i);
+ co->OutputString(co, Line);
if (line >= 0 && line == highlight)
- uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
+ co->SetAttribute(co, EFI_LIGHTGRAY |
+ EFI_BACKGROUND_BLUE);
}
SetMem16 (Line, size_cols * 2, BOXDRAW_HORIZONTAL);
Line[0] = BOXDRAW_UP_RIGHT;
Line[size_cols - 1] = BOXDRAW_UP_LEFT;
Line[size_cols] = L'\0';
- uefi_call_wrapper(co->SetCursorPosition, 3, co, start_col, i);
- uefi_call_wrapper(co->OutputString, 2, co, Line);
+ co->SetCursorPosition(co, start_col, i);
+ co->OutputString(co, Line);
FreePool (Line);
@@ -168,18 +244,22 @@ console_print_box(CHAR16 *str_arr[], int highlight)
SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
EFI_INPUT_KEY key;
+ if (!console_text_mode)
+ setup_console(1);
+
CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode));
- uefi_call_wrapper(co->EnableCursor, 2, co, FALSE);
- uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
+ co->EnableCursor(co, FALSE);
+ co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
console_print_box_at(str_arr, highlight, 0, 0, -1, -1, 0,
count_lines(str_arr));
console_get_keystroke(&key);
- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
- uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow);
- uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute);
+ co->EnableCursor(co, SavedConsoleMode.CursorVisible);
+ co->SetCursorPosition(co, SavedConsoleMode.CursorColumn,
+ SavedConsoleMode.CursorRow);
+ co->SetAttribute(co, SavedConsoleMode.Attribute);
}
int
@@ -188,7 +268,7 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
SIMPLE_TEXT_OUTPUT_MODE SavedConsoleMode;
SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
EFI_INPUT_KEY k;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
int selector;
unsigned int selector_lines = count_lines(selectors);
int selector_max_cols = 0;
@@ -197,7 +277,10 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
unsigned int selector_offset;
UINTN cols, rows;
- uefi_call_wrapper(co->QueryMode, 4, co, co->Mode->Mode, &cols, &rows);
+ if (!console_text_mode)
+ setup_console(1);
+
+ co->QueryMode(co, co->Mode->Mode, &cols, &rows);
for (i = 0; i < selector_lines; i++) {
int len = StrLen(selectors[i]);
@@ -206,8 +289,6 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
selector_max_cols = len;
}
- if (start < 0)
- start = 0;
if (start >= selector_lines)
start = selector_lines - 1;
@@ -234,8 +315,8 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
}
CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode));
- uefi_call_wrapper(co->EnableCursor, 2, co, FALSE);
- uefi_call_wrapper(co->SetAttribute, 2, co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
+ co->EnableCursor(co, FALSE);
+ co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
console_print_box_at(title, -1, 0, 0, -1, -1, 1, count_lines(title));
@@ -243,9 +324,10 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
size_cols, size_rows, 0, lines);
do {
- status = console_get_keystroke(&k);
- if (EFI_ERROR (status)) {
- Print(L"Failed to read the keystroke: %r", status);
+ efi_status = console_get_keystroke(&k);
+ if (EFI_ERROR (efi_status)) {
+ console_print(L"Failed to read the keystroke: %r",
+ efi_status);
selector = -1;
break;
}
@@ -273,9 +355,10 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
} while (!(k.ScanCode == SCAN_NULL
&& k.UnicodeChar == CHAR_CARRIAGE_RETURN));
- uefi_call_wrapper(co->EnableCursor, 2, co, SavedConsoleMode.CursorVisible);
- uefi_call_wrapper(co->SetCursorPosition, 3, co, SavedConsoleMode.CursorColumn, SavedConsoleMode.CursorRow);
- uefi_call_wrapper(co->SetAttribute, 2, co, SavedConsoleMode.Attribute);
+ co->EnableCursor(co, SavedConsoleMode.CursorVisible);
+ co->SetCursorPosition(co, SavedConsoleMode.CursorColumn,
+ SavedConsoleMode.CursorRow);
+ co->SetAttribute(co, SavedConsoleMode.Attribute);
if (selector < 0)
/* ESC pressed */
@@ -287,13 +370,15 @@ console_select(CHAR16 *title[], CHAR16* selectors[], unsigned int start)
int
console_yes_no(CHAR16 *str_arr[])
{
- return console_select(str_arr, (CHAR16 *[]){ L"No", L"Yes", NULL }, 0);
+ CHAR16 *yes_no[] = { L"No", L"Yes", NULL };
+ return console_select(str_arr, yes_no, 0);
}
void
console_alertbox(CHAR16 **title)
{
- console_select(title, (CHAR16 *[]){ L"OK", 0 }, 0);
+ CHAR16 *okay[] = { L"OK", NULL };
+ console_select(title, okay, 0);
}
void
@@ -370,23 +455,22 @@ static struct {
static CHAR16 *
err_string (
- IN EFI_STATUS Status
+ IN EFI_STATUS efi_status
)
{
UINTN Index;
for (Index = 0; error_table[Index].Desc; Index +=1) {
- if (error_table[Index].Code == Status) {
+ if (error_table[Index].Code == efi_status) {
return error_table[Index].Desc;
}
}
return L"";
}
-
void
-console_error(CHAR16 *err, EFI_STATUS status)
+console_error(CHAR16 *err, EFI_STATUS efi_status)
{
CHAR16 **err_arr = (CHAR16 *[]){
L"ERROR",
@@ -396,7 +480,8 @@ console_error(CHAR16 *err, EFI_STATUS status)
};
CHAR16 str[512];
- SPrint(str, sizeof(str), L"%s: (%d) %s", err, status, err_string(status));
+ SPrint(str, sizeof(str), L"%s: (0x%x) %s", err, efi_status,
+ err_string(efi_status));
err_arr[2] = str;
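Review bot: The new format in console_error prints `efi_status` with `%x`, but EFI_STATUS is a UINTN. As far as I know, gnu-efi's print routines read only a 32-bit argument for `%x` unless the `l` modifier is given. On a 64-bit build that would drop the top (error) bit, so the dialog would show a small number rather than the full status. `L"%s: (0x%lx) %s"` would show the whole value, or `%r` could be used as the keystroke error message elsewhere in this file does.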
@@ -408,54 +493,69 @@ console_reset(void)
{
SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
- uefi_call_wrapper(co->Reset, 2, co, TRUE);
+ if (!console_text_mode)
+ setup_console(1);
+
+ co->Reset(co, TRUE);
/* set mode 0 - required to be 80x25 */
- uefi_call_wrapper(co->SetMode, 2, co, 0);
- uefi_call_wrapper(co->ClearScreen, 1, co);
+ co->SetMode(co, 0);
+ co->ClearScreen(co);
}
-UINT8 verbose;
+UINT32 verbose = 0;
VOID
setup_verbosity(VOID)
{
- EFI_STATUS status;
- EFI_GUID guid = SHIM_LOCK_GUID;
- UINT8 verbose_check;
+ EFI_STATUS efi_status;
+ UINT8 *verbose_check_ptr = NULL;
UINTN verbose_check_size;
- verbose_check_size = 1;
- status = get_variable(L"SHIM_VERBOSE", (void *)&verbose_check,
- &verbose_check_size, guid);
- verbose = 0;
- if (!EFI_ERROR(status))
- verbose = verbose_check;
+ verbose_check_size = sizeof(verbose);
+ efi_status = get_variable(L"SHIM_VERBOSE", &verbose_check_ptr,
+ &verbose_check_size, SHIM_LOCK_GUID);
+ if (!EFI_ERROR(efi_status)) {
+ verbose = *(__typeof__(verbose) *)verbose_check_ptr;
+ verbose &= (1ULL << (8 * verbose_check_size)) - 1ULL;
+ FreePool(verbose_check_ptr);
+ }
+
+ setup_console(-1);
}
-VOID setup_console (int text)
+/* Included here because they mess up the definition of va_list and friends */
+#include <Library/BaseCryptLib.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+static int
+print_errors_cb(const char *str, size_t len, void *u)
{
- EFI_STATUS status;
- EFI_GUID console_control_guid = EFI_CONSOLE_CONTROL_PROTOCOL_GUID;
- EFI_CONSOLE_CONTROL_PROTOCOL *concon;
- static EFI_CONSOLE_CONTROL_SCREEN_MODE mode =
- EfiConsoleControlScreenGraphics;
- EFI_CONSOLE_CONTROL_SCREEN_MODE new_mode;
+ console_print(L"%a", str);
- status = LibLocateProtocol(&console_control_guid, (VOID **)&concon);
- if (status != EFI_SUCCESS)
- return;
+ return len;
+}
- if (text) {
- new_mode = EfiConsoleControlScreenText;
+EFI_STATUS
+print_crypto_errors(EFI_STATUS efi_status,
+ char *file, const char *func, int line)
+{
+ if (!(verbose && EFI_ERROR(efi_status)))
+ return efi_status;
- status = uefi_call_wrapper(concon->GetMode, 4, concon, &mode,
- 0, 0);
- /* If that didn't work, assume it's graphics */
- if (status != EFI_SUCCESS)
- mode = EfiConsoleControlScreenGraphics;
- } else {
- new_mode = mode;
- }
+ console_print(L"SSL Error: %a:%d %a(): %r\n", file, line, func,
+ efi_status);
+ ERR_print_errors_cb(print_errors_cb, NULL);
+
+ return efi_status;
+}
- uefi_call_wrapper(concon->SetMode, 2, concon, new_mode);
+VOID
+msleep(unsigned long msecs)
+{
+ gBS->Stall(msecs);
}
+
+/* This is used in various things to determine if we should print to the
+ * console */
+UINT8 in_protocol = 0;
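Review bot: setup_verbosity loads a full UINT32 through `*(__typeof__(verbose) *)verbose_check_ptr` and then shifts by `8 * verbose_check_size`, without checking the size that get_variable returned. If get_variable allocates exactly the variable's length (its body is not on this page), a 1-byte SHIM_VERBOSE makes the load read past the allocation. A variable of 8 bytes or more makes `1ULL << 64` undefined. The length comes from NVRAM contents rather than from this code, so it should be treated as untrusted; copying at most sizeof(verbose) bytes into a zeroed value avoids both problems, as sketched below. Separately, msleep passes its argument unchanged to `gBS->Stall`, which takes microseconds, so either the name and parameter should say microseconds or the value should be scaled.

```c
	/* … unchanged: get_variable(L"SHIM_VERBOSE", ...) call … */
	if (!EFI_ERROR(efi_status)) {
		UINTN n = verbose_check_size;

		/* never read more than the variable holds or verbose can store */
		if (n > sizeof(verbose))
			n = sizeof(verbose);
		verbose = 0;
		CopyMem(&verbose, verbose_check_ptr, n);
		FreePool(verbose_check_ptr);
	}
	/* … unchanged: setup_console(-1) … */
```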
diff --git a/lib/execute.c b/lib/execute.c
index 89328c68..3aff28ad 100644
--- a/lib/execute.c
+++ b/lib/execute.c
@@ -41,8 +41,7 @@
#include <efi.h>
#include <efilib.h>
-#include <guid.h>
-#include <execute.h>
+#include "shim.h"
EFI_STATUS
generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16 **PathName)
@@ -74,7 +73,7 @@ generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16
*PathName = AllocatePool((pathlen + 1 + StrLen(name))*sizeof(CHAR16));
if (!*PathName) {
- Print(L"Failed to allocate path buffer\n");
+ console_print(L"Failed to allocate path buffer\n");
efi_status = EFI_OUT_OF_RESOURCES;
goto error;
}
@@ -96,32 +95,30 @@ error:
EFI_STATUS
execute(EFI_HANDLE image, CHAR16 *name)
{
- EFI_STATUS status;
+ EFI_STATUS efi_status;
EFI_HANDLE h;
EFI_LOADED_IMAGE *li;
EFI_DEVICE_PATH *devpath;
CHAR16 *PathName;
- status = uefi_call_wrapper(BS->HandleProtocol, 3, image,
- &IMAGE_PROTOCOL, (void **)&li);
- if (status != EFI_SUCCESS)
- return status;
+ efi_status = gBS->HandleProtocol(image, &IMAGE_PROTOCOL,
+ (void **) &li);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
-
- status = generate_path(name, li, &devpath, &PathName);
- if (status != EFI_SUCCESS)
- return status;
+ efi_status = generate_path(name, li, &devpath, &PathName);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
- status = uefi_call_wrapper(BS->LoadImage, 6, FALSE, image,
- devpath, NULL, 0, &h);
- if (status != EFI_SUCCESS)
+ efi_status = gBS->LoadImage(FALSE, image, devpath, NULL, 0, &h);
+ if (EFI_ERROR(efi_status))
goto out;
-
- status = uefi_call_wrapper(BS->StartImage, 3, h, NULL, NULL);
- uefi_call_wrapper(BS->UnloadImage, 1, h);
+
+ efi_status = gBS->StartImage(h, NULL, NULL);
+ gBS->UnloadImage(h);
out:
FreePool(PathName);
FreePool(devpath);
- return status;
+ return efi_status;
}
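Review bot: When `gBS->LoadImage` fails in execute(), control jumps to `out` without unloading `h`. The UEFI specification allows LoadImage to return EFI_SECURITY_VIOLATION with an image handle already created, so on that path the rejected image would stay loaded. Consider adding `if (efi_status == EFI_SECURITY_VIOLATION) gBS->UnloadImage(h);` before the `goto out`. For other failures `h` should not be touched, because nothing visible in the hunk initialises it.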
diff --git a/lib/guid.c b/lib/guid.c
index 5f5a03ff..57c02fbe 100644
--- a/lib/guid.c
+++ b/lib/guid.c
@@ -4,19 +4,36 @@
* see COPYING file
*/
-#include <guid.h>
+#include "shim.h"
-/* all the necessary guids */
+EFI_GUID BDS_GUID = { 0x8108ac4e, 0x9f11, 0x4d59, { 0x85, 0x0e, 0xe2, 0x1a, 0x52, 0x2c, 0x59, 0xb2 } };
EFI_GUID GV_GUID = EFI_GLOBAL_VARIABLE;
EFI_GUID SIG_DB = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }};
-
EFI_GUID X509_GUID = { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} };
EFI_GUID RSA2048_GUID = { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} };
EFI_GUID PKCS7_GUID = { 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} };
EFI_GUID IMAGE_PROTOCOL = LOADED_IMAGE_PROTOCOL;
-EFI_GUID SIMPLE_FS_PROTOCOL = SIMPLE_FILE_SYSTEM_PROTOCOL;
+EFI_GUID EFI_FILE_INFO_GUID = EFI_FILE_INFO_ID;
+EFI_GUID EFI_FILE_SYSTEM_INFO_GUID = EFI_FILE_SYSTEM_INFO_ID;
+EFI_GUID EFI_CERT_RSA2048_GUID = { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} };
EFI_GUID EFI_CERT_SHA1_GUID = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }};
EFI_GUID EFI_CERT_SHA256_GUID = { 0xc1c41626, 0x504c, 0x4092, { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 } };
-EFI_GUID MOK_OWNER = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
+EFI_GUID EFI_CERT_SHA224_GUID = { 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} };
+EFI_GUID EFI_CERT_SHA384_GUID = { 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} };
+EFI_GUID EFI_CERT_SHA512_GUID = { 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} };
+EFI_GUID EFI_CERT_TYPE_PKCS7_GUID = { 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} };
+EFI_GUID EFI_CERT_TYPE_RSA2048_SHA256_GUID = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } };
+EFI_GUID EFI_CERT_TYPE_X509_GUID = { 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} };
+EFI_GUID EFI_CONSOLE_CONTROL_GUID = { 0xf42f7782, 0x12e, 0x4c12, {0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21} };
+EFI_GUID EFI_HTTP_BINDING_GUID = { 0xbdc8e6af, 0xd9bc, 0x4379, {0xa7, 0x2a, 0xe0, 0xc4, 0xe7, 0x5d, 0xae, 0x1c } };
+EFI_GUID EFI_HTTP_PROTOCOL_GUID = { 0x7a59b29b, 0x910b, 0x4171, {0x82, 0x42, 0xa8, 0x5a, 0x0d, 0xf2, 0x5b, 0x5b } };
+EFI_GUID EFI_IP4_CONFIG2_GUID = { 0x5b446ed1, 0xe30b, 0x4faa, {0x87, 0x1a, 0x36, 0x54, 0xec, 0xa3, 0x60, 0x80 } };
+EFI_GUID EFI_IP6_CONFIG_GUID = { 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } };
+EFI_GUID EFI_LOADED_IMAGE_GUID = EFI_LOADED_IMAGE_PROTOCOL_GUID;
+EFI_GUID EFI_TPM_GUID = { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } };
+EFI_GUID EFI_TPM2_GUID = { 0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } };
+EFI_GUID EFI_SECURE_BOOT_DB_GUID = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } };
+EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL;
EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } };
EFI_GUID SECURITY2_PROTOCOL_GUID = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } };
+EFI_GUID SHIM_LOCK_GUID = {0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } };
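Review bot: Several of the added globals repeat, as a second literal, a GUID that this file already defines under another name: EFI_CERT_RSA2048_GUID and RSA2048_GUID, EFI_CERT_TYPE_PKCS7_GUID and PKCS7_GUID, EFI_CERT_TYPE_X509_GUID and X509_GUID, EFI_SECURE_BOOT_DB_GUID and SIG_DB. These values select signature types and the db variable, so two hand-typed copies can drift apart unnoticed. I would either drop the old names once callers are converted or mark them with a comment such as `/* legacy alias of EFI_CERT_TYPE_X509_GUID; remove when callers are converted */`. The removed header comment `/* all the necessary guids */` could also be replaced by one line saying where these are declared.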
diff --git a/lib/security_policy.c b/lib/security_policy.c
index 9af3a107..211f1cfd 100644
--- a/lib/security_policy.c
+++ b/lib/security_policy.c
@@ -9,7 +9,8 @@
#include <efi.h>
#include <efilib.h>
-#include <guid.h>
+#include "shim.h"
+
#include <variables.h>
#include <simple_file.h>
#include <errors.h>
@@ -55,14 +56,14 @@ static SecurityHook extra_check = NULL;
static EFI_SECURITY_FILE_AUTHENTICATION_STATE esfas = NULL;
static EFI_SECURITY2_FILE_AUTHENTICATION es2fa = NULL;
-static EFI_STATUS thunk_security_policy_authentication(
+extern EFI_STATUS thunk_security_policy_authentication(
const EFI_SECURITY_PROTOCOL *This,
UINT32 AuthenticationStatus,
const EFI_DEVICE_PATH_PROTOCOL *DevicePath
)
__attribute__((unused));
-static EFI_STATUS thunk_security2_policy_authentication(
+extern EFI_STATUS thunk_security2_policy_authentication(
const EFI_SECURITY2_PROTOCOL *This,
const EFI_DEVICE_PATH_PROTOCOL *DevicePath,
VOID *FileBuffer,
@@ -80,16 +81,14 @@ security2_policy_authentication (
BOOLEAN BootPolicy
)
{
- EFI_STATUS status, auth;
+ EFI_STATUS efi_status, auth;
/* Chain original security policy */
- status = uefi_call_wrapper(es2fa, 5, This, DevicePath, FileBuffer,
- FileSize, BootPolicy);
-
+ efi_status = es2fa(This, DevicePath, FileBuffer, FileSize, BootPolicy);
/* if OK, don't bother with MOK check */
- if (status == EFI_SUCCESS)
- return status;
+ if (!EFI_ERROR(efi_status))
+ return efi_status;
if (extra_check)
auth = extra_check(FileBuffer, FileSize);
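Review bot: A non-zero warning status from the chained `es2fa` now counts as approval in security2_policy_authentication. The accept test is `!EFI_ERROR(efi_status)` where it used to be `status == EFI_SUCCESS`, so the function returns such a status without running extra_check. If accepting warnings is intended, the comment `/* if OK, don't bother with MOK check */` should say so; otherwise keep the strict form `if (efi_status == EFI_SUCCESS) return efi_status;`. The same widening appears in security_policy_authentication after the `esfas` call (`if (!EFI_ERROR(efi_status)) goto out;`). The function body continues past the end of this hunk.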
@@ -100,7 +99,7 @@ security2_policy_authentication (
/* return previous status, which is the correct one
* for the platform: may be either EFI_ACCESS_DENIED
* or EFI_SECURITY_VIOLATION */
- return status;
+ return efi_status;
return auth;
}
@@ -112,7 +111,7 @@ security_policy_authentication (
const EFI_DEVICE_PATH_PROTOCOL *DevicePathConst
)
{
- EFI_STATUS status, fail_status;
+ EFI_STATUS efi_status, fail_status;
EFI_DEVICE_PATH *DevPath
= DuplicateDevicePath((EFI_DEVICE_PATH *)DevicePathConst),
*OrigDevPath = DevPath;
@@ -121,50 +120,49 @@ security_policy_authentication (
VOID *FileBuffer;
UINTN FileSize;
CHAR16* DevPathStr;
+ EFI_GUID SIMPLE_FS_PROTOCOL = EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID;
/* Chain original security policy */
- status = uefi_call_wrapper(esfas, 3, This, AuthenticationStatus,
- DevicePathConst);
-
+ efi_status = esfas(This, AuthenticationStatus, DevicePathConst);
/* if OK avoid checking MOK: It's a bit expensive to
* read the whole file in again (esfas already did this) */
- if (status == EFI_SUCCESS)
+ if (!EFI_ERROR(efi_status))
goto out;
/* capture failure status: may be either EFI_ACCESS_DENIED or
* EFI_SECURITY_VIOLATION */
- fail_status = status;
+ fail_status = efi_status;
- status = uefi_call_wrapper(BS->LocateDevicePath, 3,
- &SIMPLE_FS_PROTOCOL, &DevPath, &h);
- if (status != EFI_SUCCESS)
+ efi_status = gBS->LocateDevicePath(&SIMPLE_FS_PROTOCOL, &DevPath, &h);
+ if (EFI_ERROR(efi_status))
goto out;
DevPathStr = DevicePathToStr(DevPath);
- status = simple_file_open_by_handle(h, DevPathStr, &f,
- EFI_FILE_MODE_READ);
+ efi_status = simple_file_open_by_handle(h, DevPathStr, &f,
+ EFI_FILE_MODE_READ);
FreePool(DevPathStr);
- if (status != EFI_SUCCESS)
+ if (EFI_ERROR(efi_status))
goto out;
- status = simple_file_read_all(f, &FileSize, &FileBuffer);
- simple_file_close(f);
- if (status != EFI_SUCCESS)
+ efi_status = simple_file_read_all(f, &FileSize, &FileBuffer);
+ f->Close(f);
+ if (EFI_ERROR(efi_status))
goto out;
if (extra_check)
- status = extra_check(FileBuffer, FileSize);
+ efi_status = extra_check(FileBuffer, FileSize);
else
- status = EFI_SECURITY_VIOLATION;
+ efi_status = EFI_SECURITY_VIOLATION;
FreePool(FileBuffer);
- if (status == EFI_ACCESS_DENIED || status == EFI_SECURITY_VIOLATION)
+ if (efi_status == EFI_ACCESS_DENIED ||
+ efi_status == EFI_SECURITY_VIOLATION)
/* return what the platform originally said */
- status = fail_status;
+ efi_status = fail_status;
out:
FreePool(OrigDevPath);
- return status;
+ return efi_status;
}
@@ -265,7 +263,7 @@ security_policy_install(SecurityHook hook)
{
EFI_SECURITY_PROTOCOL *security_protocol;
EFI_SECURITY2_PROTOCOL *security2_protocol = NULL;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
if (esfas)
/* Already Installed */
@@ -274,26 +272,24 @@ security_policy_install(SecurityHook hook)
/* Don't bother with status here. The call is allowed
* to fail, since SECURITY2 was introduced in PI 1.2.1
* If it fails, use security2_protocol == NULL as indicator */
- uefi_call_wrapper(BS->LocateProtocol, 3,
- &SECURITY2_PROTOCOL_GUID, NULL,
- &security2_protocol);
-
- status = uefi_call_wrapper(BS->LocateProtocol, 3,
- &SECURITY_PROTOCOL_GUID, NULL,
- &security_protocol);
- if (status != EFI_SUCCESS)
+ LibLocateProtocol(&SECURITY2_PROTOCOL_GUID,
+ (VOID **) &security2_protocol);
+
+ efi_status = LibLocateProtocol(&SECURITY_PROTOCOL_GUID,
+ (VOID **) &security_protocol);
+ if (EFI_ERROR(efi_status))
/* This one is mandatory, so there's a serious problem */
- return status;
+ return efi_status;
if (security2_protocol) {
es2fa = security2_protocol->FileAuthentication;
- security2_protocol->FileAuthentication =
- thunk_security2_policy_authentication;
+ security2_protocol->FileAuthentication =
+ (EFI_SECURITY2_FILE_AUTHENTICATION) thunk_security2_policy_authentication;
}
esfas = security_protocol->FileAuthenticationState;
security_protocol->FileAuthenticationState =
- thunk_security_policy_authentication;
+ (EFI_SECURITY_FILE_AUTHENTICATION_STATE) thunk_security_policy_authentication;
if (hook)
extra_check = hook;
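Review bot: The casts `(EFI_SECURITY2_FILE_AUTHENTICATION)` and `(EFI_SECURITY_FILE_AUTHENTICATION_STATE)` on the thunk assignments in security_policy_install switch off the compiler's check that the thunk prototypes match the protocol's function-pointer types. The firmware calls through these pointers to authenticate every image, so a mismatch in parameters or calling convention would go unnoticed at build time. I would declare the two thunks with exactly the typedef'd signature and assign them without a cast; that includes the EFIAPI attribute if the typedef carries one, which is not visible here. The `__attribute__((unused))` left on the now-`extern` declarations also no longer has any effect and could be removed.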
@@ -304,17 +300,15 @@ security_policy_install(SecurityHook hook)
EFI_STATUS
security_policy_uninstall(void)
{
- EFI_STATUS status;
+ EFI_STATUS efi_status;
if (esfas) {
EFI_SECURITY_PROTOCOL *security_protocol;
- status = uefi_call_wrapper(BS->LocateProtocol, 3,
- &SECURITY_PROTOCOL_GUID, NULL,
- &security_protocol);
-
- if (status != EFI_SUCCESS)
- return status;
+ efi_status = LibLocateProtocol(&SECURITY_PROTOCOL_GUID,
+ (VOID **) &security_protocol);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
security_protocol->FileAuthenticationState = esfas;
esfas = NULL;
@@ -326,12 +320,10 @@ security_policy_uninstall(void)
if (es2fa) {
EFI_SECURITY2_PROTOCOL *security2_protocol;
- status = uefi_call_wrapper(BS->LocateProtocol, 3,
- &SECURITY2_PROTOCOL_GUID, NULL,
- &security2_protocol);
-
- if (status != EFI_SUCCESS)
- return status;
+ efi_status = LibLocateProtocol(&SECURITY2_PROTOCOL_GUID,
+ (VOID **) &security2_protocol);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
security2_protocol->FileAuthentication = es2fa;
es2fa = NULL;
diff --git a/lib/shell.c b/lib/shell.c
index afd3952c..e46e7fd2 100644
--- a/lib/shell.c
+++ b/lib/shell.c
@@ -8,22 +8,23 @@
#include <efi.h>
#include <efilib.h>
-#include <shell.h>
+#include "shim.h"
EFI_STATUS
argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV)
{
unsigned int i, count = 1;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
EFI_LOADED_IMAGE *info;
CHAR16 *start;
*argc = 0;
- status = uefi_call_wrapper(BS->HandleProtocol, 3, image, &LoadedImageProtocol, (VOID **) &info);
- if (EFI_ERROR(status)) {
- Print(L"Failed to get arguments\n");
- return status;
+ efi_status = gBS->HandleProtocol(image, &LoadedImageProtocol,
+ (VOID **) &info);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Failed to get arguments\n");
+ return efi_status;
}
for (i = 0; i < info->LoadOptionsSize; i += 2) {
@@ -33,7 +34,8 @@ argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV)
}
}
- (*argc)++; /* we counted spaces, so add one for initial */
+ /* we counted spaces, so add one for initial */
+ (*argc)++;
*ARGV = AllocatePool(*argc * sizeof(**ARGV));
if (!*ARGV) {
diff --git a/lib/simple_file.c b/lib/simple_file.c
index d345d870..3bf92ed8 100644
--- a/lib/simple_file.c
+++ b/lib/simple_file.c
@@ -7,15 +7,7 @@
#include <efi.h>
#include <efilib.h>
-#include <console.h>
-#include <simple_file.h>
-#include <efiauthenticated.h>
-#include <execute.h> /* for generate_path() */
-
-static EFI_GUID IMAGE_PROTOCOL = LOADED_IMAGE_PROTOCOL;
-static EFI_GUID SIMPLE_FS_PROTOCOL = SIMPLE_FILE_SYSTEM_PROTOCOL;
-static EFI_GUID FILE_INFO = EFI_FILE_INFO_ID;
-static EFI_GUID FS_INFO = EFI_FILE_SYSTEM_INFO_ID;
+#include "shim.h"
EFI_STATUS
simple_file_open_by_handle(EFI_HANDLE device, CHAR16 *name, EFI_FILE **file, UINT64 mode)
@@ -24,23 +16,21 @@ simple_file_open_by_handle(EFI_HANDLE device, CHAR16 *name, EFI_FILE **file, UIN
EFI_FILE_IO_INTERFACE *drive;
EFI_FILE *root;
- efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, device,
- &SIMPLE_FS_PROTOCOL, (void **)&drive);
-
- if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to find simple file protocol (%d)\n", efi_status);
+ efi_status = gBS->HandleProtocol(device, &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ (void **)&drive);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Unable to find simple file protocol (%d)\n",
+ efi_status);
goto error;
}
- efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);
-
- if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to open drive volume (%d)\n", efi_status);
+ efi_status = drive->OpenVolume(drive, &root);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Failed to open drive volume (%d)\n", efi_status);
goto error;
}
- efi_status = uefi_call_wrapper(root->Open, 5, root, file, name,
- mode, 0);
+ efi_status = root->Open(root, file, name, mode, 0);
error:
return efi_status;
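Review bot: `root`, returned by `drive->OpenVolume(drive, &root)`, is never closed: after `root->Open(root, file, name, mode, 0)` control falls through `error:` and returns. Each call therefore leaves one open handle on the volume's root directory. Add `root->Close(root);` directly after the `root->Open()` call; the handle stored in `*file` is independent of `root` and stays valid. The function's opening lines are in the previous hunk.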
@@ -55,16 +45,14 @@ simple_file_open(EFI_HANDLE image, CHAR16 *name, EFI_FILE **file, UINT64 mode)
EFI_DEVICE_PATH *loadpath = NULL;
CHAR16 *PathName = NULL;
- efi_status = uefi_call_wrapper(BS->HandleProtocol, 3, image,
- &IMAGE_PROTOCOL, (void **)&li);
-
- if (efi_status != EFI_SUCCESS)
+ efi_status = gBS->HandleProtocol(image, &IMAGE_PROTOCOL,
+ (void **) &li);
+ if (EFI_ERROR(efi_status))
return simple_file_open_by_handle(image, name, file, mode);
efi_status = generate_path(name, li, &loadpath, &PathName);
-
- if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to generate load path for %s\n", name);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Unable to generate load path for %s\n", name);
return efi_status;
}
@@ -82,33 +70,32 @@ EFI_STATUS
simple_dir_read_all_by_handle(EFI_HANDLE image, EFI_FILE *file, CHAR16* name, EFI_FILE_INFO **entries,
int *count)
{
- EFI_STATUS status;
+ EFI_STATUS efi_status;
char buf[4096];
UINTN size = sizeof(buf);
EFI_FILE_INFO *fi = (void *)buf;
-
- status = uefi_call_wrapper(file->GetInfo, 4, file, &FILE_INFO,
- &size, fi);
- if (status != EFI_SUCCESS) {
- Print(L"Failed to get file info\n");
+
+ efi_status = file->GetInfo(file, &EFI_FILE_INFO_GUID, &size, fi);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Failed to get file info\n");
goto out;
}
if ((fi->Attribute & EFI_FILE_DIRECTORY) == 0) {
- Print(L"Not a directory %s\n", name);
- status = EFI_INVALID_PARAMETER;
+ console_print(L"Not a directory %s\n", name);
+ efi_status = EFI_INVALID_PARAMETER;
goto out;
}
size = 0;
*count = 0;
for (;;) {
UINTN len = sizeof(buf);
- status = uefi_call_wrapper(file->Read, 3, file, &len, buf);
- if (status != EFI_SUCCESS || len == 0)
+ efi_status = file->Read(file, &len, buf);
+ if (EFI_ERROR(efi_status) || len == 0)
break;
(*count)++;
size += len;
}
- uefi_call_wrapper(file->SetPosition, 2, file, 0);
+ file->SetPosition(file, 0);
char *ptr = AllocatePool(size);
*entries = (EFI_FILE_INFO *)ptr;
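Review bot: Both `goto out` paths above (the `GetInfo()` failure and the not-a-directory case) reach the `out:` label in the next hunk, where `EFI_ERROR(efi_status) && *entries` is tested and `FreePool(*entries)` may run, although this function has not yet written `*entries`. Unless every caller passes a pointer that is already NULL, the cleanup frees an arbitrary value. Setting `*entries = NULL;` before the first `file->GetInfo()` call makes it self-contained. In the counting loop, an error from `file->Read()` only breaks out and is later overwritten by `efi_status = EFI_SUCCESS`, so a failed read is reported as a shorter directory rather than as an error.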
@@ -117,18 +104,18 @@ simple_dir_read_all_by_handle(EFI_HANDLE image, EFI_FILE *file, CHAR16* name, EF
int i;
for (i = 0; i < *count; i++) {
UINTN len = size;
- uefi_call_wrapper(file->Read, 3, file, &len, ptr);
+ file->Read(file, &len, ptr);
ptr += len;
size -= len;
}
- status = EFI_SUCCESS;
+ efi_status = EFI_SUCCESS;
out:
- simple_file_close(file);
- if (status != EFI_SUCCESS && *entries) {
+ file->Close(file);
+ if (EFI_ERROR(efi_status) && *entries) {
FreePool(*entries);
*entries = NULL;
}
- return status;
+ return efi_status;
}
EFI_STATUS
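Review bot: The fill loop discards the status of `file->Read(file, &len, ptr)` and then trusts `len` in `ptr += len; size -= len;`. If the directory changed after the counting pass, the read can fail with EFI_BUFFER_TOO_SMALL, and for that status the file protocol reports the required size in `len`, not the bytes written. `size` would then wrap and `ptr` would move past the allocation before the next iteration. Keep the status and bail out on failure: `efi_status = file->Read(file, &len, ptr);` followed by `if (EFI_ERROR(efi_status)) goto out;`, which also lets the existing `out:` cleanup free `*entries`.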
@@ -136,12 +123,12 @@ simple_dir_read_all(EFI_HANDLE image, CHAR16 *name, EFI_FILE_INFO **entries,
int *count)
{
EFI_FILE *file;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
- status = simple_file_open(image, name, &file, EFI_FILE_MODE_READ);
- if (status != EFI_SUCCESS) {
- Print(L"failed to open file %s: %d\n", name, status);
- return status;
+ efi_status = simple_file_open(image, name, &file, EFI_FILE_MODE_READ);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"failed to open file %s: %d\n", name, efi_status);
+ return efi_status;
}
return simple_dir_read_all_by_handle(image, file, name, entries, count);
@@ -156,12 +143,10 @@ simple_file_read_all(EFI_FILE *file, UINTN *size, void **buffer)
*size = sizeof(buf);
fi = (void *)buf;
-
- efi_status = uefi_call_wrapper(file->GetInfo, 4, file, &FILE_INFO,
- size, fi);
- if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to get file info\n");
+ efi_status = file->GetInfo(file, &EFI_FILE_INFO_GUID, size, fi);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Failed to get file info\n");
return efi_status;
}
@@ -169,11 +154,11 @@ simple_file_read_all(EFI_FILE *file, UINTN *size, void **buffer)
*buffer = AllocatePool(*size);
if (!*buffer) {
- Print(L"Failed to allocate buffer of size %d\n", *size);
+ console_print(L"Failed to allocate buffer of size %d\n", *size);
return EFI_OUT_OF_RESOURCES;
}
- efi_status = uefi_call_wrapper(file->Read, 3, file, size, *buffer);
+ efi_status = file->Read(file, size, *buffer);
return efi_status;
}
@@ -183,29 +168,24 @@ simple_file_write_all(EFI_FILE *file, UINTN size, void *buffer)
{
EFI_STATUS efi_status;
- efi_status = uefi_call_wrapper(file->Write, 3, file, &size, buffer);
-
+ efi_status = file->Write(file, &size, buffer);
return efi_status;
}
-void
-simple_file_close(EFI_FILE *file)
-{
- uefi_call_wrapper(file->Close, 1, file);
-}
-
EFI_STATUS
simple_volume_selector(CHAR16 **title, CHAR16 **selected, EFI_HANDLE *h)
{
UINTN count, i;
EFI_HANDLE *vol_handles = NULL;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
CHAR16 **entries;
int val;
- uefi_call_wrapper(BS->LocateHandleBuffer, 5, ByProtocol,
- &SIMPLE_FS_PROTOCOL, NULL, &count, &vol_handles);
-
+ efi_status = gBS->LocateHandleBuffer(ByProtocol,
+ &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ NULL, &count, &vol_handles);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
if (!count || !vol_handles)
return EFI_NOT_FOUND;
@@ -221,25 +201,23 @@ simple_volume_selector(CHAR16 **title, CHAR16 **selected, EFI_HANDLE *h)
CHAR16 *name;
EFI_FILE_IO_INTERFACE *drive;
- status = uefi_call_wrapper(BS->HandleProtocol, 3,
- vol_handles[i],
- &SIMPLE_FS_PROTOCOL,
- (void **)&drive);
- if (status != EFI_SUCCESS || !drive)
+ efi_status = gBS->HandleProtocol(vol_handles[i],
+ &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ (void **) &drive);
+ if (EFI_ERROR(efi_status) || !drive)
continue;
- status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);
- if (status != EFI_SUCCESS)
+ efi_status = drive->OpenVolume(drive, &root);
+ if (EFI_ERROR(efi_status))
continue;
- status = uefi_call_wrapper(root->GetInfo, 4, root, &FS_INFO,
+ efi_status = root->GetInfo(root, &EFI_FILE_SYSTEM_INFO_GUID,
&size, fi);
- if (status != EFI_SUCCESS)
+ if (EFI_ERROR(efi_status))
continue;
name = fi->VolumeLabel;
-
- if (!name || StrLen(name) == 0 || StrCmp(name, L" ") == 0)
+ if (!name || StrLen(name) == 0 || StrCmp(name, L" ") == 0)
name = DevicePathToStr(DevicePathFromHandle(vol_handles[i]));
entries[i] = AllocatePool((StrLen(name) + 2) * sizeof(CHAR16));
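Review bot: Each `continue` in this loop skips the assignment to `entries[i]`, so a volume whose `HandleProtocol()`, `OpenVolume()` or `GetInfo()` call fails leaves a hole at that index. Whether the slot then holds NULL or an uninitialised pointer depends on how `entries` is allocated, which is outside this hunk. If the array is not zero-filled, the menu code would later read a stray pointer, so either zero it at allocation or store a placeholder label on the failure paths so that index `i` still lines up with `vol_handles[i]`. `root` from `drive->OpenVolume()` is also not closed within the visible lines of the loop body.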
@@ -269,7 +247,6 @@ simple_volume_selector(CHAR16 **title, CHAR16 **selected, EFI_HANDLE *h)
FreePool(entries);
FreePool(vol_handles);
-
return EFI_SUCCESS;
}
@@ -277,7 +254,7 @@ EFI_STATUS
simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
CHAR16 ***result, int *count, EFI_FILE_INFO **entries)
{
- EFI_STATUS status;
+ EFI_STATUS efi_status;
int tot, offs = StrLen(filter), i, c, filtercount = 1;
EFI_FILE_INFO *next;
void *ptr;
@@ -308,9 +285,8 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
*count = 0;
- status = simple_dir_read_all(image, name, entries, &tot);
-
- if (status != EFI_SUCCESS)
+ efi_status = simple_dir_read_all(image, name, entries, &tot);
+ if (EFI_ERROR(efi_status))
goto out;
ptr = next = *entries;
@@ -326,7 +302,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
break;
}
}
- ptr += OFFSET_OF(EFI_FILE_INFO, FileName) + (len + 1)*sizeof(CHAR16);
+ ptr += offsetof(EFI_FILE_INFO, FileName) + (len + 1)*sizeof(CHAR16);
next = ptr;
}
if (*count)
@@ -347,7 +323,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
if (next->Attribute & EFI_FILE_DIRECTORY) {
(*result)[(*count)] = PoolPrint(L"%s/", next->FileName);
if (!(*result)[(*count)]) {
- Print(L"Failed to allocate buffer");
+ console_print(L"Failed to allocate buffer");
return EFI_OUT_OF_RESOURCES;
}
(*count)++;
@@ -360,7 +336,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
if (StrCmp(&next->FileName[len - offs], filterarr[c]) == 0) {
(*result)[(*count)] = StrDuplicate(next->FileName);
if (!(*result)[(*count)]) {
- Print(L"Failed to allocate buffer");
+ console_print(L"Failed to allocate buffer");
return EFI_OUT_OF_RESOURCES;
}
(*count)++;
@@ -370,7 +346,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
break;
}
- next:
+ next:
if (StrCmp(next->FileName, L"..") == 0) {
/* place .. directory first */
CHAR16 *tmp = (*result)[(*count) - 1];
@@ -379,7 +355,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
(*result)[0] = tmp;
}
- ptr += OFFSET_OF(EFI_FILE_INFO, FileName) + (len + 1)*sizeof(CHAR16);
+ ptr += offsetof(EFI_FILE_INFO, FileName) + (len + 1)*sizeof(CHAR16);
next = ptr;
}
if (*count == 0) {
@@ -387,10 +363,10 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
(*result)[(*count)++] = L"./";
}
(*result)[*count] = NULL;
- status = EFI_SUCCESS;
+ efi_status = EFI_SUCCESS;
out:
- if (status != EFI_SUCCESS) {
+ if (EFI_ERROR(efi_status)) {
if (*entries)
FreePool(*entries);
*entries = NULL;
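Review bot: `(*result)[(*count)++] = L"./";` stores a string literal in an array whose other elements come from `PoolPrint()` and `StrDuplicate()`. The caller later in this diff passes that array to `free_entries(entries, count)`. If that helper calls `FreePool()` on every element (its body is outside the visible hunks), the literal would be handed to the pool allocator. Using `StrDuplicate(L"./")` with the same NULL check as the other entries keeps ownership uniform.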
@@ -398,7 +374,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
FreePool(*result);
*result = NULL;
}
- return status;
+ return efi_status;
}
static void
@@ -411,12 +387,12 @@ free_entries(CHAR16 **entries, int count)
}
void
-simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
- CHAR16 *filter, CHAR16 **result)
+simple_file_selector(EFI_HANDLE * im, CHAR16 ** title, CHAR16 * name,
+ CHAR16 * filter, CHAR16 ** result)
{
- EFI_STATUS status;
+ EFI_STATUS efi_status;
CHAR16 **entries = NULL;
- EFI_FILE_INFO *dmp;
+ EFI_FILE_INFO *dmp = NULL;
int count, select, len;
CHAR16 *newname, *selected;
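Review bot: The reflowed signature writes `EFI_HANDLE * im, CHAR16 ** title, CHAR16 * name`, with a space on both sides of the `*`, while the other declarations in this file bind the star to the name (`CHAR16 *name`, `EFI_FILE **file`). This looks like formatter output run without the project's typedef list. Write it as `simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,` and `CHAR16 *filter, CHAR16 **result)`. The same applies to `CreateTimeBasedPayload(IN OUT UINTN * DataSize, IN OUT UINT8 ** Data)` in lib/variables.c.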
@@ -436,18 +412,18 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
*im = h;
}
- newname = AllocatePool((StrLen(name) + 1)*sizeof(CHAR16));
+ newname = AllocatePool((StrLen(name) + 1) * sizeof(CHAR16));
if (!newname)
return;
StrCpy(newname, name);
name = newname;
- redo:
- status = simple_dir_filter(*im, name, filter, &entries, &count, &dmp);
-
- if (status != EFI_SUCCESS)
- goto out_free_name;
+redo:
+ efi_status = simple_dir_filter(*im, name, filter, &entries, &count,
+ &dmp);
+ if (EFI_ERROR(efi_status))
+ goto out_free;
select = console_select(title, entries, 0);
if (select < 0)
@@ -469,9 +445,6 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
} else if (StrCmp(selected, L"../") == 0) {
int i;
- i = StrLen(name) - 1;
-
-
for (i = StrLen(name); i > 0; --i) {
if (name[i] == '\\')
break;
@@ -489,11 +462,12 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
goto redo;
}
}
- newname = AllocatePool((StrLen(name) + len + 2)*sizeof(CHAR16));
+ newname =
+ AllocatePool((StrLen(name) + len + 2) * sizeof(CHAR16));
if (!newname)
goto out_free;
StrCpy(newname, name);
-
+
if (name[StrLen(name) - 1] != '\\')
StrCat(newname, L"\\");
StrCat(newname, selected);
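Review bot: `name[StrLen(name) - 1]` indexes one element before the buffer when `name` is the empty string, and the same expression appears again before the final `StrCat(*result, ...)` in the next hunk. Whether an empty `name` can reach these lines depends on the caller and on the `../` truncation above, neither of which is fully visible here. A guard removes the dependency: `if (StrLen(name) == 0 || name[StrLen(name) - 1] != '\\')`. The added `newname =` followed by a line break before `AllocatePool(...)` also reads worse than keeping the call on the assignment line and wrapping inside the argument.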
@@ -509,7 +483,7 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
goto redo;
}
- *result = AllocatePool((StrLen(name) + len + 2)*sizeof(CHAR16));
+ *result = AllocatePool((StrLen(name) + len + 2) * sizeof(CHAR16));
if (*result) {
StrCpy(*result, name);
if (name[StrLen(name) - 1] != '\\')
@@ -517,12 +491,12 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
StrCat(*result, selected);
}
- out_free:
- FreePool(dmp);
+out_free:
+ if (dmp)
+ FreePool(dmp);
if (entries) {
free_entries(entries, count);
FreePool(entries);
}
- out_free_name:
FreePool(name);
}
diff --git a/lib/variables.c b/lib/variables.c
index 59d7d054..9c2e7d0a 100644
--- a/lib/variables.c
+++ b/lib/variables.c
@@ -11,23 +11,18 @@
* Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
* This program and the accompanying materials
* are licensed and made available under the terms and conditions of the BSD License
- * which accompanies this distribution. The full text of the license may be found
+ * which accompanies this distribution. The full text of the license may be found
* at
* http://opensource.org/licenses/bsd-license.php
*
* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- *
+ *
*/
#include <efi.h>
#include <efilib.h>
-#include <efiauthenticated.h>
-
-#include <variables.h>
-#include <guid.h>
-#include <console.h>
-#include <errors.h>
+#include "shim.h"
EFI_STATUS
variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
@@ -56,76 +51,75 @@ variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
return EFI_SUCCESS;
}
-
EFI_STATUS
-CreateTimeBasedPayload (
- IN OUT UINTN *DataSize,
- IN OUT UINT8 **Data
- )
+CreateTimeBasedPayload(IN OUT UINTN * DataSize, IN OUT UINT8 ** Data)
{
- EFI_STATUS Status;
- UINT8 *NewData;
- UINT8 *Payload;
- UINTN PayloadSize;
- EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
- UINTN DescriptorSize;
- EFI_TIME Time;
- EFI_GUID efi_cert_type = EFI_CERT_TYPE_PKCS7_GUID;
-
- if (Data == NULL || DataSize == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // In Setup mode or Custom mode, the variable does not need to be signed but the
- // parameters to the SetVariable() call still need to be prepared as authenticated
- // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certificate
- // data in it.
- //
- Payload = *Data;
- PayloadSize = *DataSize;
-
- DescriptorSize = OFFSET_OF(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
- NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);
- if (NewData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- if ((Payload != NULL) && (PayloadSize != 0)) {
- CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
- }
-
- DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
-
- ZeroMem (&Time, sizeof (EFI_TIME));
- Status = uefi_call_wrapper(RT->GetTime,2, &Time, NULL);
- if (EFI_ERROR (Status)) {
- FreePool(NewData);
- return Status;
- }
- Time.Pad1 = 0;
- Time.Nanosecond = 0;
- Time.TimeZone = 0;
- Time.Daylight = 0;
- Time.Pad2 = 0;
- CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
-
- DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
- DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
- DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
- DescriptorData->AuthInfo.CertType = efi_cert_type;
-
- /* we're expecting an EFI signature list, so don't free the input since
- * it might not be in a pool */
+ EFI_STATUS efi_status;
+ UINT8 *NewData;
+ UINT8 *Payload;
+ UINTN PayloadSize;
+ EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
+ UINTN DescriptorSize;
+ EFI_TIME Time;
+
+ if (Data == NULL || DataSize == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ /*
+ * In Setup mode or Custom mode, the variable does not need to be
+ * signed but the
+ * parameters to the SetVariable() call still need to be prepared as
+ * authenticated variable. So we create EFI_VARIABLE_AUTHENTICATED_2
+ * descriptor without certificate data in it.
+ */
+ Payload = *Data;
+ PayloadSize = *DataSize;
+
+ DescriptorSize = offsetof(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)
+ + offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData);
+ NewData = (UINT8 *) AllocateZeroPool(DescriptorSize + PayloadSize);
+ if (NewData == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ if ((Payload != NULL) && (PayloadSize != 0)) {
+ CopyMem(NewData + DescriptorSize, Payload, PayloadSize);
+ }
+
+ DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
+
+ ZeroMem(&Time, sizeof(EFI_TIME));
+ efi_status = gRT->GetTime(&Time, NULL);
+ if (EFI_ERROR(efi_status)) {
+ FreePool(NewData);
+ return efi_status;
+ }
+ Time.Pad1 = 0;
+ Time.Nanosecond = 0;
+ Time.TimeZone = 0;
+ Time.Daylight = 0;
+ Time.Pad2 = 0;
+ CopyMem(&DescriptorData->TimeStamp, &Time, sizeof(EFI_TIME));
+
+ DescriptorData->AuthInfo.Hdr.dwLength =
+ offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData);
+ DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
+ DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
+ DescriptorData->AuthInfo.CertType = EFI_CERT_TYPE_PKCS7_GUID;
+
+ /*
+ * we're expecting an EFI signature list, so don't free the input
+ * since it might not be in a pool
+ */
#if 0
- if (Payload != NULL) {
- FreePool(Payload);
- }
+ if (Payload != NULL) {
+ FreePool(Payload);
+ }
#endif
-
- *DataSize = DescriptorSize + PayloadSize;
- *Data = NewData;
- return EFI_SUCCESS;
+
+ *DataSize = DescriptorSize + PayloadSize;
+ *Data = NewData;
+ return EFI_SUCCESS;
}
EFI_STATUS
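Review bot: `DescriptorSize + PayloadSize` is passed to `AllocateZeroPool()` without an overflow check, and `CopyMem(NewData + DescriptorSize, Payload, PayloadSize)` then copies the full payload. A `*DataSize` close to the UINTN maximum would wrap the sum, and the copy would overrun the short allocation. Whether any caller can supply such a size is not visible in this hunk, so treat this as hardening: add `if (DescriptorSize + PayloadSize < PayloadSize) return EFI_INVALID_PARAMETER;` before the allocation. The rewrapped comment also still says `EFI_VARIABLE_AUTHENTICATED_2`, while the type used below is `EFI_VARIABLE_AUTHENTICATION_2`.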
@@ -146,8 +140,9 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
int ds;
efi_status = variable_create_esl(Data, len, &X509_GUID, NULL,
(void **)&Cert, &ds);
- if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to create %s certificate %d\n", var, efi_status);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Failed to create %s certificate %d\n",
+ var, efi_status);
return efi_status;
}
@@ -158,19 +153,18 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
DataSize = len;
}
efi_status = CreateTimeBasedPayload(&DataSize, (UINT8 **)&Cert);
- if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to create time based payload %d\n", efi_status);
+ if (EFI_ERROR(efi_status)) {
+ console_print(L"Failed to create time based payload %d\n",
+ efi_status);
return efi_status;
}
- efi_status = uefi_call_wrapper(RT->SetVariable, 5, var, &owner,
- EFI_VARIABLE_NON_VOLATILE
- | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS
- | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- | options,
- DataSize, Cert);
-
+ efi_status = gRT->SetVariable(var, &owner,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS |
+ options, DataSize, Cert);
return efi_status;
}
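Review bot: The buffer that `CreateTimeBasedPayload()` allocates and stores in `Cert` is never released: the function returns straight after `gRT->SetVariable()`, so every call leaks the descriptor-plus-payload copy. Add `FreePool(Cert);` between the `SetVariable()` call and `return efi_status;`. The ESL produced by `variable_create_esl()` in the previous hunk also appears to be dropped once `Cert` is overwritten. The branch structure around it is only partly visible, so confirm that before freeing it as well.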
@@ -181,8 +175,9 @@ GetOSIndications(void)
UINTN DataSize = sizeof(indications);
EFI_STATUS efi_status;
- efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"OsIndicationsSupported", &GV_GUID, NULL, &DataSize, &indications);
- if (efi_status != EFI_SUCCESS)
+ efi_status = gRT->GetVariable(L"OsIndicationsSupported", &GV_GUID,
+ NULL, &DataSize, &indications);
+ if (EFI_ERROR(efi_status))
return 0;
return indications;
@@ -194,17 +189,15 @@ SETOSIndicationsAndReboot(UINT64 indications)
UINTN DataSize = sizeof(indications);
EFI_STATUS efi_status;
- efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"OsIndications",
- &GV_GUID,
- EFI_VARIABLE_NON_VOLATILE
- | EFI_VARIABLE_RUNTIME_ACCESS
- | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- DataSize, &indications);
-
- if (efi_status != EFI_SUCCESS)
+ efi_status = gRT->SetVariable(L"OsIndications", &GV_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize, &indications);
+ if (EFI_ERROR(efi_status))
return efi_status;
- uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm, EFI_SUCCESS, 0, NULL);
+ gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
/* does not return */
return EFI_SUCCESS;
@@ -218,19 +211,19 @@ get_variable_attr(CHAR16 *var, UINT8 **data, UINTN *len, EFI_GUID owner,
*len = 0;
- efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner,
- NULL, len, NULL);
- if (efi_status != EFI_BUFFER_TOO_SMALL)
+ efi_status = gRT->GetVariable(var, &owner, NULL, len, NULL);
+ if (efi_status != EFI_BUFFER_TOO_SMALL) {
+ if (!EFI_ERROR(efi_status)) /* this should never happen */
+ return EFI_PROTOCOL_ERROR;
return efi_status;
+ }
*data = AllocateZeroPool(*len);
if (!*data)
return EFI_OUT_OF_RESOURCES;
-
- efi_status = uefi_call_wrapper(RT->GetVariable, 5, var, &owner,
- attributes, len, *data);
- if (efi_status != EFI_SUCCESS) {
+ efi_status = gRT->GetVariable(var, &owner, attributes, len, *data);
+ if (EFI_ERROR(efi_status)) {
FreePool(*data);
*data = NULL;
}
@@ -263,19 +256,19 @@ find_in_esl(UINT8 *Data, UINTN DataSize, UINT8 *key, UINTN keylen)
EFI_STATUS
find_in_variable_esl(CHAR16* var, EFI_GUID owner, UINT8 *key, UINTN keylen)
{
- UINTN DataSize;
- UINT8 *Data;
- EFI_STATUS status;
+ UINTN DataSize = 0;
+ UINT8 *Data = NULL;
+ EFI_STATUS efi_status;
- status = get_variable(var, &Data, &DataSize, owner);
- if (status != EFI_SUCCESS)
- return status;
+ efi_status = get_variable(var, &Data, &DataSize, owner);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
- status = find_in_esl(Data, DataSize, key, keylen);
+ efi_status = find_in_esl(Data, DataSize, key, keylen);
FreePool(Data);
- return status;
+ return efi_status;
}
int
@@ -284,11 +277,11 @@ variable_is_setupmode(int default_return)
/* set to 1 because we return true if SetupMode doesn't exist */
UINT8 SetupMode = default_return;
UINTN DataSize = sizeof(SetupMode);
- EFI_STATUS status;
+ EFI_STATUS efi_status;
- status = uefi_call_wrapper(RT->GetVariable, 5, L"SetupMode", &GV_GUID, NULL,
- &DataSize, &SetupMode);
- if (EFI_ERROR(status))
+ efi_status = gRT->GetVariable(L"SetupMode", &GV_GUID, NULL,
+ &DataSize, &SetupMode);
+ if (EFI_ERROR(efi_status))
return default_return;
return SetupMode;
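Review bot: The comment `/* set to 1 because we return true if SetupMode doesn't exist */` no longer matches the code, since `SetupMode` is initialised from `default_return` and the error path returns `default_return`. The caller decides the result when the variable is missing, and this matters for anyone auditing how the code behaves when `SetupMode` cannot be read. Replace it with something like `/* start from the caller's default; it is returned if SetupMode can't be read */`.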
@@ -300,12 +293,12 @@ variable_is_secureboot(void)
/* return false if variable doesn't exist */
UINT8 SecureBoot = 0;
UINTN DataSize;
- EFI_STATUS status;
+ EFI_STATUS efi_status;
DataSize = sizeof(SecureBoot);
- status = uefi_call_wrapper(RT->GetVariable, 5, L"SecureBoot", &GV_GUID, NULL,
- &DataSize, &SecureBoot);
- if (EFI_ERROR(status))
+ efi_status = gRT->GetVariable(L"SecureBoot", &GV_GUID, NULL,
+ &DataSize, &SecureBoot);
+ if (EFI_ERROR(efi_status))
return 0;
return SecureBoot;
@@ -315,14 +308,15 @@ EFI_STATUS
variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
UINT8 hash[SHA256_DIGEST_SIZE])
{
- EFI_STATUS status;
+ EFI_STATUS efi_status;
- if (find_in_variable_esl(var, owner, hash, SHA256_DIGEST_SIZE)
- == EFI_SUCCESS)
+ efi_status = find_in_variable_esl(var, owner, hash, SHA256_DIGEST_SIZE);
+ if (!EFI_ERROR(efi_status))
/* hash already present */
return EFI_ALREADY_STARTED;
- UINT8 sig[sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + SHA256_DIGEST_SIZE];
+ UINT8 sig[sizeof(EFI_SIGNATURE_LIST)
+ + sizeof(EFI_SIGNATURE_DATA) - 1 + SHA256_DIGEST_SIZE];
EFI_SIGNATURE_LIST *l = (void *)sig;
EFI_SIGNATURE_DATA *d = (void *)sig + sizeof(EFI_SIGNATURE_LIST);
SetMem(sig, 0, sizeof(sig));
@@ -330,16 +324,16 @@ variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
l->SignatureListSize = sizeof(sig);
l->SignatureSize = 16 +32; /* UEFI defined */
CopyMem(&d->SignatureData, hash, SHA256_DIGEST_SIZE);
- d->SignatureOwner = MOK_OWNER;
+ d->SignatureOwner = SHIM_LOCK_GUID;
if (CompareGuid(&owner, &SIG_DB) == 0)
- status = SetSecureVariable(var, sig, sizeof(sig), owner,
- EFI_VARIABLE_APPEND_WRITE, 0);
+ efi_status = SetSecureVariable(var, sig, sizeof(sig), owner,
+ EFI_VARIABLE_APPEND_WRITE, 0);
else
- status = uefi_call_wrapper(RT->SetVariable, 5, var, &owner,
- EFI_VARIABLE_NON_VOLATILE
- | EFI_VARIABLE_BOOTSERVICE_ACCESS
- | EFI_VARIABLE_APPEND_WRITE,
- sizeof(sig), sig);
- return status;
+ efi_status = gRT->SetVariable(var, &owner,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_APPEND_WRITE,
+ sizeof(sig), sig);
+ return efi_status;
}
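Review bot: The rewritten `if (CompareGuid(&owner, &SIG_DB) == 0)` / `else` now has two multi-line bodies without braces, which is easy to break when a statement is added to either branch of this enrollment path. Wrap both in `{ ... }`. In the same block, `l->SignatureSize = 16 +32; /* UEFI defined */` would be clearer as `l->SignatureSize = sizeof(EFI_GUID) + SHA256_DIGEST_SIZE;`, matching how the `sig` array is sized from `SHA256_DIGEST_SIZE` above.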