Optimization for Secure Boot process.

This commit is contained in:
longpanda
2026-06-25 22:36:33 +08:00
parent 2f66a309e4
commit 083e5f72ea


@@ -46,6 +46,10 @@ STATIC SHIM_LOCK gShimLock;
STATIC EFI_EXIT_BOOT_SERVICES gSysExitBootServices = NULL; STATIC EFI_EXIT_BOOT_SERVICES gSysExitBootServices = NULL;
STATIC EFI_GET_VARIABLE gSysGetVariable = NULL; STATIC EFI_GET_VARIABLE gSysGetVariable = NULL;
STATIC VOID EFIAPI HookSystemService(VOID);
STATIC VOID EFIAPI UnHookSystemService(VOID);
STATIC VOID EFIAPI VtoyLog(CONST CHAR16 *Format, ...) STATIC VOID EFIAPI VtoyLog(CONST CHAR16 *Format, ...)
{ {
VA_LIST Marker; VA_LIST Marker;
@@ -432,6 +436,7 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/* /*
* Step 1: * Step 1:
* Use original UEFI firmware auth API. * Use original UEFI firmware auth API.
@@ -623,9 +628,7 @@ STATIC BOOLEAN EFIAPI IsSetupMode(VOID)
STATIC EFI_STATUS EFIAPI ShimEfiMain STATIC EFI_STATUS EFIAPI ShimEfiMain
( (
IN EFI_HANDLE ImageHandle, IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable, IN EFI_SYSTEM_TABLE *SystemTable
IN BOOLEAN IsSecureBoot,
IN BOOLEAN IsSetup
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
@@ -633,17 +636,6 @@ STATIC EFI_STATUS EFIAPI ShimEfiMain
shim_void_func_pf Func1 = NULL; shim_void_func_pf Func1 = NULL;
shim_void_func_pf Func2 = NULL; shim_void_func_pf Func2 = NULL;
/* If secure boot is not enabled or in SetupMode, nothing needed, just launch Ventoy grub */
if (!IsSecureBoot || IsSetup)
{
Status = LaunchRealGrub(ImageHandle, REAL_GRUB_FILE);
if (EFI_ERROR(Status))
{
vErr(L"Failed to launch %s", REAL_GRUB_FILE);
}
return Status;
}
/* We must be launched by shim */ /* We must be launched by shim */
Status = gBS->LocateProtocol(&gShimLockGUID, NULL, (VOID**)&ShimLock); Status = gBS->LocateProtocol(&gShimLockGUID, NULL, (VOID**)&ShimLock);
if (EFI_ERROR(Status) || !ShimLock) if (EFI_ERROR(Status) || !ShimLock)
@@ -691,6 +683,7 @@ STATIC EFI_STATUS EFIAPI ShimEfiMain
Func1(); /* call shim unhook_system_services() */ Func1(); /* call shim unhook_system_services() */
Func2(); /* call shim uninstall_shim_protocols() */ Func2(); /* call shim uninstall_shim_protocols() */
HookSystemService();
/* Hook the system security policy */ /* Hook the system security policy */
Status = HookSecurityPolicy(); Status = HookSecurityPolicy();
@@ -715,24 +708,11 @@ END:
UnInstallVtoyShimProtocol(); UnInstallVtoyShimProtocol();
UnHookSystemService();
return Status; return Status;
} }
STATIC EFI_STATUS EFIAPI VtoyExitBootServices
(
IN EFI_HANDLE ImageHandle,
IN UINTN MapKey
)
{
UnHookSecurityPolicy();
UnInstallVtoyShimProtocol();
gST->RuntimeServices->GetVariable = gSysGetVariable;
gBS->ExitBootServices = gSysExitBootServices;
return gSysExitBootServices(ImageHandle, MapKey);
}
EFI_STATUS EFIAPI VtoyGetVariable EFI_STATUS EFIAPI VtoyGetVariable
( (
IN CHAR16 *VariableName, IN CHAR16 *VariableName,
@@ -763,6 +743,43 @@ EFI_STATUS EFIAPI VtoyGetVariable
return Status; return Status;
} }
STATIC VOID EFIAPI UnHookSystemService(VOID)
{
if (gSysExitBootServices)
{
gBS->ExitBootServices = gSysExitBootServices;
gSysExitBootServices = NULL;
}
if (gSysGetVariable)
{
gST->RuntimeServices->GetVariable = gSysGetVariable;
gSysGetVariable = NULL;
}
}
STATIC EFI_STATUS EFIAPI VtoyExitBootServices
(
IN EFI_HANDLE ImageHandle,
IN UINTN MapKey
)
{
UnHookSecurityPolicy();
UnInstallVtoyShimProtocol();
UnHookSystemService();
return gSysExitBootServices(ImageHandle, MapKey);
}
STATIC VOID EFIAPI HookSystemService(VOID)
{
gSysExitBootServices = gBS->ExitBootServices;
gBS->ExitBootServices = VtoyExitBootServices;
gSysGetVariable = gST->RuntimeServices->GetVariable;
gST->RuntimeServices->GetVariable = VtoyGetVariable;
}
EFI_STATUS EFIAPI VtoyShimEfiMain EFI_STATUS EFIAPI VtoyShimEfiMain
( (
@@ -779,20 +796,16 @@ EFI_STATUS EFIAPI VtoyShimEfiMain
if (!IsSecureBoot || IsSetup) if (!IsSecureBoot || IsSetup)
{ {
Status = ShimEfiMain(ImageHandle, SystemTable, IsSecureBoot, IsSetup); /* If secure boot is not enabled or in SetupMode, nothing needed, just launch Ventoy grub */
Status = LaunchRealGrub(ImageHandle, REAL_GRUB_FILE);
if (EFI_ERROR(Status))
{
vErr(L"Failed to launch %s", REAL_GRUB_FILE);
}
} }
else else
{ {
gSysExitBootServices = gBS->ExitBootServices; Status = ShimEfiMain(ImageHandle, SystemTable);
gBS->ExitBootServices = VtoyExitBootServices;
gSysGetVariable = gST->RuntimeServices->GetVariable;
gST->RuntimeServices->GetVariable = VtoyGetVariable;
Status = ShimEfiMain(ImageHandle, SystemTable, IsSecureBoot, IsSetup);
gBS->ExitBootServices = gSysExitBootServices;
gST->RuntimeServices->GetVariable = gSysGetVariable;
} }
return Status; return Status;
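Review bot: VtoyExitBootServices (the @@ -763 hunk) calls `gSysExitBootServices(ImageHandle, MapKey)` immediately after UnHookSystemService(), but UnHookSystemService clears `gSysExitBootServices = NULL` once it has restored gBS->ExitBootServices, so the hook now ends in a call through a NULL function pointer at the moment the loaded OS tears down boot services. The removed version did not have this problem because it restored the pointer inline without nulling the global. Keep a local copy before unhooking: `EFI_EXIT_BOOT_SERVICES OrigExitBootServices = gSysExitBootServices;` as the first statement, then `return OrigExitBootServices(ImageHandle, MapKey);` in place of the current return. HookSystemService also has no guard against being entered twice; a second call would capture VtoyExitBootServices itself as the "original" and recurse at exit, so an early return when gSysExitBootServices is already non-NULL would be cheap insurance, though I cannot see from this hunk whether any path actually calls it twice.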