diff options
| author | Peter Jones <pjones@redhat.com> | 2025-02-20 19:20:47 -0500 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2025-02-25 19:40:54 -0500 |
| commit | 89e615081af5fbafefeae5b09def3a003e467838 (patch) | |
| tree | b857b0f6d28f1ca6cb83cf9beebae217e15fcbcc /mok.c | |
| parent | 3bce11831343ba6e67740f23ab3a6c6f09bc0bca (diff) | |
| download | efi-boot-shim-89e615081af5fbafefeae5b09def3a003e467838.tar.gz efi-boot-shim-89e615081af5fbafefeae5b09def3a003e467838.zip | |
Add shim's current NX_COMPAT status to HSIStatus
hughsie asked me to also make it observable at runtime whether the shim
binary that was used to boot was set as NX_COMPAT or not.
This adds that into the HSIStatus data as "shim-has-nx-compat-set".
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'mok.c')
| -rw-r--r-- | mok.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -45,6 +45,7 @@ format_hsi_status(UINT8 *buf, size_t sz, const char hasdxeservices[] = "\nhas-dxe-services-table: "; const char hasdsgmsd[] = "\nhas-get-memory-space-descriptor: "; const char hasdssmsa[] = "\nhas-set-memory-space-attributes: "; + const char shimhasnx[] = "\nshim-has-nx-compat-set: "; const char finale[] = "\n"; char *pos; @@ -55,7 +56,7 @@ format_hsi_status(UINT8 *buf, size_t sz, UINTN ret = sizeof(heapx) + sizeof(stackx) + sizeof(row) + sizeof(hasmap) + sizeof(hasdxeservices) + sizeof(hasdsgmsd) + - sizeof(hasdssmsa) + + sizeof(hasdssmsa) + sizeof(shimhasnx) + sizeof(finale); if (buf == 0 || sz < ret) { @@ -78,6 +79,8 @@ format_hsi_status(UINT8 *buf, size_t sz, pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDSTGMSD) ? "1" : "0"); pos = stpcpy(pos, hasdssmsa); pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDSTSMSA) ? "1" : "0"); + pos = stpcpy(pos, shimhasnx); + pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_NX) ? "1" : "0"); stpcpy(pos, finale); return ret; |