Optimization for secure boot process.

2026-06-29 14:38:12 +00:00 · 2026-06-26 18:08:39 +08:00
parent 05d10437b0
commit 9bf8393cdf
2 changed files with 23 additions and 1 deletions
--- a/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.c
+++ b/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.c
@@ -34,6 +34,7 @@

 #define CUR_SBAT_VER    1

+STATIC BOOLEAN gPolicySetFlag = FALSE;
 STATIC EFI_GUID gVtoySbatGUID = { 0xf755068a, 0xe04f, 0x452b, { 0x9d, 0x6d, 0x7c, 0x55, 0x96, 0xb3, 0xc0, 0x7d }};
 STATIC EFI_GUID gShimLockGUID = SHIM_LOCK_GUID;
 STATIC EFI_SECURITY_FILE_AUTHENTICATION_STATE gSysSecFileAuth = NULL;
@@ -374,6 +375,11 @@ STATIC EFI_STATUS EFIAPI SecurityPolicyAuth
        return EFI_SUCCESS;
    }

+    if (!gPolicySetFlag)
+    {
+        goto SHIM_CHECK;
+    }
+
    /*
     * Step 1:
     * Use original UEFI firmware auth API.
@@ -389,6 +395,8 @@ STATIC EFI_STATUS EFIAPI SecurityPolicyAuth
    }


+SHIM_CHECK:
+
    /*
     * Step 2:
     * Use shim verify API.
@@ -436,6 +444,10 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
        return EFI_SUCCESS;
    }

+    if (!gPolicySetFlag)
+    {
+        goto SHIM_CHECK;
+    }

    /*
     * Step 1:
@@ -452,6 +464,7 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
    }


+SHIM_CHECK:
    /*
     * Step 2:
     * Use shim verify API.
@@ -546,11 +559,13 @@ STATIC VOID EFIAPI UnHookSecurityPolicy(VOID)

 STATIC VOID EFIAPI VtoyByPassSB(VOID)
 {
+    gPolicySetFlag = TRUE;
    gVtoyByPassSB = TRUE;
 }

 STATIC VOID EFIAPI VtoyCheckSB(VOID)
 {
+    gPolicySetFlag = TRUE;
    gVtoyByPassSB = FALSE;
 }

@@ -693,6 +708,7 @@ STATIC EFI_STATUS EFIAPI ShimEfiMain
        goto END;
    }

+
    /* Finally launch Ventoy grub */
    Status = LaunchRealGrub(ImageHandle, REAL_GRUB_FILE);
    if (EFI_ERROR(Status))
@@ -765,11 +781,16 @@ STATIC EFI_STATUS EFIAPI VtoyExitBootServices
    IN  UINTN       MapKey
 )
 {
+    EFI_EXIT_BOOT_SERVICES SysExitBS;
+
+    /* UnHookSystemService will set gSysExitBootServices NULL */
+    SysExitBS = gSysExitBootServices;
+
    UnHookSecurityPolicy();
    UnInstallVtoyShimProtocol();
    UnHookSystemService();

-    return gSysExitBootServices(ImageHandle, MapKey);
+    return SysExitBS(ImageHandle, MapKey);
 }

 STATIC VOID EFIAPI HookSystemService(VOID)
--- a/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.h
+++ b/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.h
@@ -88,6 +88,7 @@ typedef VOID (*shim_void_func_pf)(VOID);
 #define VtoySleep(sec)      gBS->Stall(1000000 * (sec))
 #define vLog(fmt, ...)      VtoyLog(fmt "\r\n", ##__VA_ARGS__)
 #define vErr(fmt, ...)      VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(5)
+#define vDbg(fmt, ...)      VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(2)

 #define CheckFreePool(p) \
 do { \