Optimization for secure boot process.

longpanda
2026-06-26 18:08:39 +08:00
parent 05d10437b0
commit 9bf8393cdf
2 changed files with 23 additions and 1 deletions


@@ -34,6 +34,7 @@
#define CUR_SBAT_VER 1 #define CUR_SBAT_VER 1
STATIC BOOLEAN gPolicySetFlag = FALSE;
STATIC EFI_GUID gVtoySbatGUID = { 0xf755068a, 0xe04f, 0x452b, { 0x9d, 0x6d, 0x7c, 0x55, 0x96, 0xb3, 0xc0, 0x7d }}; STATIC EFI_GUID gVtoySbatGUID = { 0xf755068a, 0xe04f, 0x452b, { 0x9d, 0x6d, 0x7c, 0x55, 0x96, 0xb3, 0xc0, 0x7d }};
STATIC EFI_GUID gShimLockGUID = SHIM_LOCK_GUID; STATIC EFI_GUID gShimLockGUID = SHIM_LOCK_GUID;
STATIC EFI_SECURITY_FILE_AUTHENTICATION_STATE gSysSecFileAuth = NULL; STATIC EFI_SECURITY_FILE_AUTHENTICATION_STATE gSysSecFileAuth = NULL;
@@ -374,6 +375,11 @@ STATIC EFI_STATUS EFIAPI SecurityPolicyAuth
return EFI_SUCCESS; return EFI_SUCCESS;
} }
if (!gPolicySetFlag)
{
goto SHIM_CHECK;
}
/* /*
* Step 1: * Step 1:
* Use original UEFI firmware auth API. * Use original UEFI firmware auth API.
@@ -389,6 +395,8 @@ STATIC EFI_STATUS EFIAPI SecurityPolicyAuth
} }
SHIM_CHECK:
/* /*
* Step 2: * Step 2:
* Use shim verify API. * Use shim verify API.
@@ -436,6 +444,10 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
return EFI_SUCCESS; return EFI_SUCCESS;
} }
if (!gPolicySetFlag)
{
goto SHIM_CHECK;
}
/* /*
* Step 1: * Step 1:
@@ -452,6 +464,7 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
} }
SHIM_CHECK:
/* /*
* Step 2: * Step 2:
* Use shim verify API. * Use shim verify API.
@@ -546,11 +559,13 @@ STATIC VOID EFIAPI UnHookSecurityPolicy(VOID)
STATIC VOID EFIAPI VtoyByPassSB(VOID) STATIC VOID EFIAPI VtoyByPassSB(VOID)
{ {
gPolicySetFlag = TRUE;
gVtoyByPassSB = TRUE; gVtoyByPassSB = TRUE;
} }
STATIC VOID EFIAPI VtoyCheckSB(VOID) STATIC VOID EFIAPI VtoyCheckSB(VOID)
{ {
gPolicySetFlag = TRUE;
gVtoyByPassSB = FALSE; gVtoyByPassSB = FALSE;
} }
@@ -693,6 +708,7 @@ STATIC EFI_STATUS EFIAPI ShimEfiMain
goto END; goto END;
} }
/* Finally launch Ventoy grub */ /* Finally launch Ventoy grub */
Status = LaunchRealGrub(ImageHandle, REAL_GRUB_FILE); Status = LaunchRealGrub(ImageHandle, REAL_GRUB_FILE);
if (EFI_ERROR(Status)) if (EFI_ERROR(Status))
@@ -765,11 +781,16 @@ STATIC EFI_STATUS EFIAPI VtoyExitBootServices
IN UINTN MapKey IN UINTN MapKey
) )
{ {
EFI_EXIT_BOOT_SERVICES SysExitBS;
/* UnHookSystemService will set gSysExitBootServices NULL */
SysExitBS = gSysExitBootServices;
UnHookSecurityPolicy(); UnHookSecurityPolicy();
UnInstallVtoyShimProtocol(); UnInstallVtoyShimProtocol();
UnHookSystemService(); UnHookSystemService();
return gSysExitBootServices(ImageHandle, MapKey); return SysExitBS(ImageHandle, MapKey);
} }
STATIC VOID EFIAPI HookSystemService(VOID) STATIC VOID EFIAPI HookSystemService(VOID)
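Review bot: The two added `if (!gPolicySetFlag) goto SHIM_CHECK;` guards in SecurityPolicyAuth and Security2PolicyAuth skip Step 1 (the original UEFI firmware auth API) for every image checked before VtoyByPassSB or VtoyCheckSB has run, and neither the code nor the commit title says why that is safe. Since this narrows Secure Boot verification to the shim path alone, I would put a comment above each guard, for example `/* No policy chosen yet: skip firmware auth and rely on shim verification only, because <reason> */`, with the reason filled in by the author. Both function bodies start and end outside the hunks, so whether Step 2 fails closed when shim verification is unavailable cannot be confirmed from here and is worth checking. In the visible lines gPolicySetFlag is only ever set to TRUE; if the hooks can be removed and installed again, it probably should be reset in UnHookSecurityPolicy.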


@@ -88,6 +88,7 @@ typedef VOID (*shim_void_func_pf)(VOID);
#define VtoySleep(sec) gBS->Stall(1000000 * (sec)) #define VtoySleep(sec) gBS->Stall(1000000 * (sec))
#define vLog(fmt, ...) VtoyLog(fmt "\r\n", ##__VA_ARGS__) #define vLog(fmt, ...) VtoyLog(fmt "\r\n", ##__VA_ARGS__)
#define vErr(fmt, ...) VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(5) #define vErr(fmt, ...) VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(5)
#define vDbg(fmt, ...) VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(2)
#define CheckFreePool(p) \ #define CheckFreePool(p) \
do { \ do { \
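Review bot: The new `vDbg` macro expands to two statements, so under an unbraced `if` or `else` only the VtoyLog call is conditional and the two-second VtoySleep always runs. Wrapping it as `#define vDbg(fmt, ...) do { VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(2); } while (0)` matches the `do { ... } while (0)` form that CheckFreePool just below already uses. The existing `vErr` has the same shape and could be changed the same way. Because each call stalls the boot path for two seconds, a short comment saying the macro is meant for debugging only would also help, if that is the intent.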