Mirrors/Ventoy
1
0
Fork 0
mirror of https://github.com/ventoy/Ventoy.git synced 2026-06-29 14:38:12 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Optimization for secure boot process.
Some checks are pending
Ventoy CI / build (push) Waiting to run
Details
Mirror GitHub to Gitee / Sync-GitHub-to-Gitee (push) Waiting to run
Details

Browse Source
This commit is contained in:
longpanda
2026-06-29 13:46:17 +08:00
parent ba87af540b
commit a3995a0267
3 changed files with 11 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/Ventoy/Ventoy.c
View File

@@ -1231,65 +1231,6 @@ EFI_STATUS EFIAPI ventoy_boot(IN EFI_HANDLE ImageHandle)
return EFI_SUCCESS; return EFI_SUCCESS;
} }
#if defined (MDE_CPU_X64)
STATIC BOOLEAN EFIAPI IsSecureBootEnabled(VOID)
{
UINT8 SecureBoot = 0;
UINTN DataSize;
EFI_STATUS Status;
DataSize = sizeof(SecureBoot);
Status = gST->RuntimeServices->GetVariable(L"SecureBoot", &gEfiGlobalVariableGuid, NULL,
&DataSize, &SecureBoot);
if (EFI_ERROR(Status))
{
return FALSE;
}
return SecureBoot ? TRUE : FALSE;
}
STATIC BOOLEAN EFIAPI IsSetupMode(VOID)
{
UINT8 SetupMode = 0;
UINTN DataSize;
EFI_STATUS Status;
DataSize = sizeof(SetupMode);
Status = gST->RuntimeServices->GetVariable(L"SetupMode", &gEfiGlobalVariableGuid, NULL,
&DataSize, &SetupMode);
if (EFI_ERROR(Status))
{
return FALSE;
}
return SetupMode ? TRUE : FALSE;
}
STATIC BOOLEAN EFIAPI CheckVtoyShim(VOID)
{
EFI_STATUS Status;
EFI_GUID Guid = VTOY_SHIM_POLICY_GUID;
VOID *Prot = NULL;
/* If secure boot is not enabled or in SetupMode, nothing needed */
if (!IsSecureBootEnabled() || IsSetupMode())
{
return TRUE;
}
Status = gBS->LocateProtocol(&Guid, NULL, (VOID**)&Prot);
if (EFI_ERROR(Status))
{
VtoyDebug("Failed to locate Vtoy Shim Protocol %lx\r\n", Status);
return FALSE;
}
return TRUE;
}
#endif
EFI_STATUS EFIAPI VentoyEfiMain EFI_STATUS EFIAPI VentoyEfiMain
( (
IN EFI_HANDLE ImageHandle, IN EFI_HANDLE ImageHandle,
@@ -1299,15 +1240,6 @@ EFI_STATUS EFIAPI VentoyEfiMain
EFI_STATUS Status = EFI_SUCCESS; EFI_STATUS Status = EFI_SUCCESS;
EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *Protocol; EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *Protocol;
#if defined (MDE_CPU_X64)
/* check that Ventoy Shim must exist */
if (!CheckVtoyShim())
{
sleep(5);
return EFI_NOT_FOUND;
}
#endif
g_sector_flag_num = 512; /* initial value */ g_sector_flag_num = 512; /* initial value */
g_sector_flag = AllocatePool(g_sector_flag_num * sizeof(ventoy_sector_flag)); g_sector_flag = AllocatePool(g_sector_flag_num * sizeof(ventoy_sector_flag));

69
EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyUtil/VtoyUtil.c
View File

@@ -145,66 +145,6 @@ STATIC EFI_STATUS ParseCmdline(IN EFI_HANDLE ImageHandle)
return EFI_SUCCESS; return EFI_SUCCESS;
} }
#if defined (MDE_CPU_X64)
STATIC BOOLEAN EFIAPI IsSecureBootEnabled(VOID)
{
UINT8 SecureBoot = 0;
UINTN DataSize;
EFI_STATUS Status;
DataSize = sizeof(SecureBoot);
Status = gST->RuntimeServices->GetVariable(L"SecureBoot", &gEfiGlobalVariableGuid, NULL,
&DataSize, &SecureBoot);
if (EFI_ERROR(Status))
{
return FALSE;
}
return SecureBoot ? TRUE : FALSE;
}
STATIC BOOLEAN EFIAPI IsSetupMode(VOID)
{
UINT8 SetupMode = 0;
UINTN DataSize;
EFI_STATUS Status;
DataSize = sizeof(SetupMode);
Status = gST->RuntimeServices->GetVariable(L"SetupMode", &gEfiGlobalVariableGuid, NULL,
&DataSize, &SetupMode);
if (EFI_ERROR(Status))
{
return FALSE;
}
return SetupMode ? TRUE : FALSE;
}
STATIC BOOLEAN EFIAPI CheckVtoyShim(VOID)
{
EFI_STATUS Status;
EFI_GUID Guid = VTOY_SHIM_POLICY_GUID;
VOID *Prot = NULL;
/* If secure boot is not enabled or in SetupMode, nothing needed */
if (!IsSecureBootEnabled() || IsSetupMode())
{
return TRUE;
}
Status = gBS->LocateProtocol(&Guid, NULL, (VOID**)&Prot);
if (EFI_ERROR(Status))
{
gST->ConOut->OutputString(gST->ConOut, L"Can not locate Vtoy Shim\r\n");
return FALSE;
}
return TRUE;
}
#endif
EFI_STATUS EFIAPI VtoyUtilEfiMain EFI_STATUS EFIAPI VtoyUtilEfiMain
( (
IN EFI_HANDLE ImageHandle, IN EFI_HANDLE ImageHandle,
@@ -214,15 +154,6 @@ EFI_STATUS EFIAPI VtoyUtilEfiMain
UINTN i; UINTN i;
UINTN Len; UINTN Len;
#if defined (MDE_CPU_X64)
/* check that Ventoy Shim must exist */
if (!CheckVtoyShim())
{
gBS->Stall(5 * 1000000);
return EFI_NOT_FOUND;
}
#endif
ParseCmdline(ImageHandle); ParseCmdline(ImageHandle);
for (i = 0; gCurFeature && i < ARRAY_SIZE(gFeatureList); i++) for (i = 0; gCurFeature && i < ARRAY_SIZE(gFeatureList); i++)

24
GRUB2/MOD_SRC/grub-2.04/grub-core/ventoy/ventoy.c
View File

@@ -418,29 +418,25 @@ static int ventoy_secure_boot_init(void)
} }
/*
* When SecureBoot enabled, Ventoy grub must be launched by Ventoy Shim.
* Currently only x86_64 support this feature.
*/
if (g_ventoy_plat_data == VTOY_PLAT_X86_64_UEFI) if (g_ventoy_plat_data == VTOY_PLAT_X86_64_UEFI)
{ {
g_vtoy_shim = grub_efi_locate_protocol(&ProtGuid, NULL); g_vtoy_shim = grub_efi_locate_protocol(&ProtGuid, NULL);
if (g_vtoy_shim == NULL || g_vtoy_shim->ByPassSB == NULL || if (g_vtoy_shim == NULL || g_vtoy_shim->ByPassSB == NULL ||
g_vtoy_shim->CheckSB == NULL || g_vtoy_shim->Launched == NULL) g_vtoy_shim->CheckSB == NULL || g_vtoy_shim->Launched == NULL)
{ {
grub_cls(); /*
grub_printf(VTOY_WARNING"\n"); * Generally when SecureBoot enabled, Ventoy grub must be launched by Ventoy Shim.
grub_printf(VTOY_WARNING"\n"); * But there are some exceptions:
grub_printf(VTOY_WARNING"\n\n\n"); * 1. Ventoy key was enrolled directly to the UEFI DB
* 2. Some UEFI firmware (MSI) has Image Execution Policy as Always Execute which
grub_printf("Ventoy grub is not launched by Ventoy shim.\n\n"); * means Secure Boot is effectively disabled.
grub_refresh(); */
ventoy_prompt_end();
} }
else
{
g_vtoy_shim->Launched(); g_vtoy_shim->Launched();
} }
}
return 0; return 0;
} }