From 89e615081af5fbafefeae5b09def3a003e467838 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 20 Feb 2025 19:20:47 -0500 Subject: Add shim's current NX_COMPAT status to HSIStatus hughsie asked me to also make it observable at runtime whether the shim binary that was used to boot was set as NX_COMPAT or not. This adds that into the HSIStatus data as "shim-has-nx-compat-set". Signed-off-by: Peter Jones --- mok.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'mok.c') diff --git a/mok.c b/mok.c index cb70e7e2..fb4c1489 100644 --- a/mok.c +++ b/mok.c @@ -45,6 +45,7 @@ format_hsi_status(UINT8 *buf, size_t sz, const char hasdxeservices[] = "\nhas-dxe-services-table: "; const char hasdsgmsd[] = "\nhas-get-memory-space-descriptor: "; const char hasdssmsa[] = "\nhas-set-memory-space-attributes: "; + const char shimhasnx[] = "\nshim-has-nx-compat-set: "; const char finale[] = "\n"; char *pos; @@ -55,7 +56,7 @@ format_hsi_status(UINT8 *buf, size_t sz, UINTN ret = sizeof(heapx) + sizeof(stackx) + sizeof(row) + sizeof(hasmap) + sizeof(hasdxeservices) + sizeof(hasdsgmsd) + - sizeof(hasdssmsa) + + sizeof(hasdssmsa) + sizeof(shimhasnx) + sizeof(finale); if (buf == 0 || sz < ret) { @@ -78,6 +79,8 @@ format_hsi_status(UINT8 *buf, size_t sz, pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDSTGMSD) ? "1" : "0"); pos = stpcpy(pos, hasdssmsa); pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_HASDSTSMSA) ? "1" : "0"); + pos = stpcpy(pos, shimhasnx); + pos = stpcpy(pos, (hsi_status & SHIM_HSI_STATUS_NX) ? "1" : "0"); stpcpy(pos, finale); return ret; -- cgit v1.2.3