1 files changed, 2 insertions, 30 deletions

diff --git a/shim.c b/shim.c
index 210e778a..14fb601c 100644
--- a/shim.c
+++ b/shim.c
@@ -475,44 +475,16 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
 
 static BOOLEAN secure_mode (void)
 {
-	EFI_STATUS status;
-	EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
-	UINTN len;
-	UINT8 *Data;
-	UINT8 sb, setupmode;
-
 	if (user_insecure_mode)
 		return FALSE;
 
-	status = get_variable(L"SecureBoot", &Data, &len, global_var);
-	if (status != EFI_SUCCESS) {
+	if (variable_is_secureboot() != 1) {
 		if (verbose && !in_protocol)
 			console_notify(L"Secure boot not enabled");
 		return FALSE;
 	}
-	sb = *Data;
-	FreePool(Data);
-
-	if (sb != 1) {
-		if (verbose && !in_protocol)
-			console_notify(L"Secure boot not enabled");
-		return FALSE;
-	}
-
-	/* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
-	 * then the implementation is bad, but we assume that secure boot is
-	 * enabled according to the status of "SecureBoot".  If we have both
-	 * of them, then "SetupMode" may tell us additional data, and we need
-	 * to consider it.
-	 */
-	status = get_variable(L"SetupMode", &Data, &len, global_var);
-	if (status != EFI_SUCCESS)
-		return TRUE;
-
-	setupmode = *Data;
-	FreePool(Data);
 
-	if (setupmode == 1) {
+	if (variable_is_setupmode() == 1) {
 		if (verbose && !in_protocol)
 			console_notify(L"Platform is in setup mode");
 		return FALSE;