-rw-r--r--MokVars.txt6
-rw-r--r--include/mok.h6
-rw-r--r--include/test-data-efivars-1.h6
-rw-r--r--memattrs.c16
-rw-r--r--mok.c11
5 files changed, 42 insertions, 3 deletions
diff --git a/MokVars.txt b/MokVars.txt
index e6e68ce4..0ab81ff6 100644
--- a/MokVars.txt
+++ b/MokVars.txt
@@ -103,3 +103,9 @@ HSIStatus: Status of various security features:
1: read-only sections are writable
has-memory-attribute-protocol: 0: platform does not provide the EFI Memory Attribute Protocol
1: platform does provide the EFI Memory Attribute Protocol
+ has-dxe-services-table: 0: platform does not provide the DXE Services Table
+ 1: platform does provide the DXE Services Table
+ has-get-memory-space-descriptor: 0: platform's DST does not populate GetMemorySpaceDescriptor
+ 1: platform's DST does populate GetMemorySpaceDescriptor
+ has-set-memory-space-descriptor: 0: platform's DST does not populate SetMemorySpaceDescriptor
+ 1: platform's DST does populate SetMemorySpaceDescriptor
diff --git a/include/mok.h b/include/mok.h
index 1b44217c..cea4c997 100644
--- a/include/mok.h
+++ b/include/mok.h
@@ -141,6 +141,12 @@ extern UINTN hsi_status;
#define SHIM_HSI_STATUS_ROW 0x00000004ULL
/* platform provides the EFI Memory Attribute Protocol */
#define SHIM_HSI_STATUS_HASMAP 0x00000008ULL
+/* platform provides DXE Services Table */
+#define SHIM_HSI_STATUS_HASDST 0x00000010ULL
+/* platform has DST->GetMemorySpaceDescriptor */
+#define SHIM_HSI_STATUS_HASDSTGMSD 0x00000020ULL
+/* platform has DST->SetMemorySpaceAttributes */
+#define SHIM_HSI_STATUS_HASDSTSMSA 0x00000040ULL
#endif /* !SHIM_MOK_H_ */
// vim:fenc=utf-8:tw=75:noet
diff --git a/include/test-data-efivars-1.h b/include/test-data-efivars-1.h
index d97a4d6d..7a34ea70 100644
--- a/include/test-data-efivars-1.h
+++ b/include/test-data-efivars-1.h
@@ -110,7 +110,11 @@ static const unsigned char test_data_efivars_1_HSIStatus[] =
"heap-is-executable: 0\n"
"stack-is-executable: 0\n"
"ro-sections-are-writable: 0\n"
- "has-memory-attribute-protocol: 0\n";
+ "has-memory-attribute-protocol: 0\n"
+ "has-dxe-services-table: 0\n"
+ "has-get-memory-space-descriptor: 0\n"
+ "has-set-memory-space-attributes: 0\n"
+ ;
#endif /* !TEST_DATA_EFIVARS_1_H_ */
// vim:fenc=utf-8:tw=75:noet
diff --git a/memattrs.c b/memattrs.c
index a2c1777c..f502805f 100644
--- a/memattrs.c
+++ b/memattrs.c
@@ -50,7 +50,7 @@ get_dxe_services_table(EFI_DXE_SERVICES_TABLE **dstp)
static EFI_DXE_SERVICES_TABLE *dst = NULL;
if (dst == NULL) {
- dprint(L"Looking for configuration table " LGUID_FMT L"\n", GUID_ARGS(gEfiDxeServicesTableGuid));
+ dprint(L"Looking for configuration table " LGUID_FMT L"\n", GUID_ARGS(gEfiDxeServicesTableGuid));
for (UINTN i = 0; i < ST->NumberOfTableEntries; i++) {
EFI_CONFIGURATION_TABLE *ct = &ST->ConfigurationTable[i];
@@ -408,6 +408,7 @@ get_hsi_mem_info(void)
uint64_t attrs = 0;
uint32_t *tmp_alloc;
EFI_MEMORY_ATTRIBUTE_PROTOCOL *efiproto = NULL;
+ EFI_DXE_SERVICES_TABLE *dst = NULL;
get_efi_mem_attr_protocol(&efiproto);
if (efiproto) {
@@ -415,7 +416,18 @@ get_hsi_mem_info(void)
dprint(L"Setting HSI to 0x%lx\n", hsi_status);
}
- if (!(hsi_status & SHIM_HSI_STATUS_HASMAP)) {
+ get_dxe_services_table(&dst);
+ if (dst) {
+ hsi_status |= SHIM_HSI_STATUS_HASDST;
+ if (dst->GetMemorySpaceDescriptor)
+ hsi_status |= SHIM_HSI_STATUS_HASDSTGMSD;
+ if (dst->SetMemorySpaceAttributes)
+ hsi_status |= SHIM_HSI_STATUS_HASDSTSMSA;
+ }
+
+ if (!(hsi_status & SHIM_HSI_STATUS_HASMAP) &&
+ !(hsi_status & SHIM_HSI_STATUS_HASDSTGMSD &&
+ hsi_status & SHIM_HSI_STATUS_HASDSTSMSA)) {
dprint(L"No memory protocol, not testing further\n");
return;
}
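Review bot: The early-return test at the end of this hunk mixes `&` and `&&` with no grouping, and its log text "No memory protocol, not testing further" no longer describes what is checked once the DXE Services Table fallback is part of the condition. Precedence makes the expression correct as written, but explicit grouping, `!((hsi_status & SHIM_HSI_STATUS_HASDSTGMSD) && (hsi_status & SHIM_HSI_STATUS_HASDSTSMSA))`, is easier to audit, and the message could read `L"No memory attribute protocol or DST memory-space services, not testing further\n"`. The new `if (dst)` branch also lacks the `dprint(L"Setting HSI to 0x%lx\n", hsi_status);` that follows the protocol branch, so the DST bits never show up in debug output. A non-NULL `GetMemorySpaceDescriptor`/`SetMemorySpaceAttributes` pointer shows only that the table entry is populated, and on the early return the heap/stack/ro bits are presumably left at 0, so a comment saying that consumers must read those fields as "untested" when none of the has-* bits is set would help. get_hsi_mem_info starts before and continues after this hunk.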
diff --git a/mok.c b/mok.c
index 97d4a0eb..cb70e7e2 100644
--- a/mok.c
+++ b/mok.c
@@ -42,6 +42,9 @@ format_hsi_status(UINT8 *buf, size_t sz,
const char stackx[] = "\nstack-is-executable: ";
const char row[] = "\nro-sections-are-writable: ";
const char hasmap[] = "\nhas-memory-attribute-protocol: ";
+ const char hasdxeservices[] = "\nhas-dxe-services-table: ";
+ const char hasdsgmsd[] = "\nhas-get-memory-space-descriptor: ";
+ const char hasdssmsa[] = "\nhas-set-memory-space-attributes: ";
const char finale[] = "\n";
char *pos;
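Review bot: The key emitted for `hasdssmsa` here is "has-set-memory-space-attributes", but the MokVars.txt hunk of this same commit documents the field as `has-set-memory-space-descriptor` and describes it as SetMemorySpaceDescriptor, while include/mok.h and memattrs.c refer to SetMemorySpaceAttributes. Anything that parses HSIStatus by the documented key would miss the field, so the MokVars.txt entry should become `has-set-memory-space-attributes: 0: platform's DST does not populate SetMemorySpaceAttributes` (and likewise for the `1:` line). The locals `hasdsgmsd` and `hasdssmsa` also drop the `t` of the `HASDSTGMSD`/`HASDSTSMSA` macros; `hasdstgmsd`/`hasdstsmsa` would be easier to grep. format_hsi_status begins and ends outside this hunk.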
@@ -51,6 +54,8 @@ format_hsi_status(UINT8 *buf, size_t sz,
*/
UINTN ret = sizeof(heapx) + sizeof(stackx) +
sizeof(row) + sizeof(hasmap) +
+ sizeof(hasdxeservices) + sizeof(hasdsgmsd) +
+ sizeof(hasdssmsa) +
sizeof(finale);
if (buf == 0 || sz < ret) {
@@ -67,6 +72,12 @@ format_hsi_status(UINT8 *buf, size_t sz,
pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_ROW) ? "1" : "0");
pos = stpcpy(pos, hasmap);
pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASMAP) ? "1" : "0");
+ pos = stpcpy(pos, hasdxeservices);
+ pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDST) ? "1" : "0");
+ pos = stpcpy(pos, hasdsgmsd);
+ pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDSTGMSD) ? "1" : "0");
+ pos = stpcpy(pos, hasdssmsa);
+ pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDSTSMSA) ? "1" : "0");
stpcpy(pos, finale);
return ret;