mirror of
https://github.com/ventoy/Ventoy.git
synced 2026-06-29 06:28:13 +00:00
Optimization for secure boot process.
This commit is contained in:
longpanda
@@ -1231,65 +1231,6 @@ EFI_STATUS EFIAPI ventoy_boot(IN EFI_HANDLE ImageHandle)
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
#if defined (MDE_CPU_X64)
|
||||
|
||||
STATIC BOOLEAN EFIAPI IsSecureBootEnabled(VOID)
|
||||
{
|
||||
UINT8 SecureBoot = 0;
|
||||
UINTN DataSize;
|
||||
EFI_STATUS Status;
|
||||
|
||||
DataSize = sizeof(SecureBoot);
|
||||
Status = gST->RuntimeServices->GetVariable(L"SecureBoot", &gEfiGlobalVariableGuid, NULL,
|
||||
&DataSize, &SecureBoot);
|
||||
if (EFI_ERROR(Status))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return SecureBoot ? TRUE : FALSE;
|
||||
}
|
||||
|
||||
STATIC BOOLEAN EFIAPI IsSetupMode(VOID)
|
||||
{
|
||||
UINT8 SetupMode = 0;
|
||||
UINTN DataSize;
|
||||
EFI_STATUS Status;
|
||||
|
||||
DataSize = sizeof(SetupMode);
|
||||
Status = gST->RuntimeServices->GetVariable(L"SetupMode", &gEfiGlobalVariableGuid, NULL,
|
||||
&DataSize, &SetupMode);
|
||||
if (EFI_ERROR(Status))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return SetupMode ? TRUE : FALSE;
|
||||
}
|
||||
|
||||
STATIC BOOLEAN EFIAPI CheckVtoyShim(VOID)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
EFI_GUID Guid = VTOY_SHIM_POLICY_GUID;
|
||||
VOID *Prot = NULL;
|
||||
|
||||
/* If secure boot is not enabled or in SetupMode, nothing needed */
|
||||
if (!IsSecureBootEnabled() || IsSetupMode())
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
Status = gBS->LocateProtocol(&Guid, NULL, (VOID**)&Prot);
|
||||
if (EFI_ERROR(Status))
|
||||
{
|
||||
VtoyDebug("Failed to locate Vtoy Shim Protocol %lx\r\n", Status);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
#endif
|
||||
|
||||
EFI_STATUS EFIAPI VentoyEfiMain
|
||||
(
|
||||
IN EFI_HANDLE ImageHandle,
|
||||
@@ -1299,15 +1240,6 @@ EFI_STATUS EFIAPI VentoyEfiMain
|
||||
EFI_STATUS Status = EFI_SUCCESS;
|
||||
EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *Protocol;
|
||||
|
||||
#if defined (MDE_CPU_X64)
|
||||
/* check that Ventoy Shim must exist */
|
||||
if (!CheckVtoyShim())
|
||||
{
|
||||
sleep(5);
|
||||
return EFI_NOT_FOUND;
|
||||
}
|
||||
#endif
|
||||
|
||||
g_sector_flag_num = 512; /* initial value */
|
||||
|
||||
g_sector_flag = AllocatePool(g_sector_flag_num * sizeof(ventoy_sector_flag));
|
||||
|
||||
@@ -145,66 +145,6 @@ STATIC EFI_STATUS ParseCmdline(IN EFI_HANDLE ImageHandle)
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
#if defined (MDE_CPU_X64)
|
||||
|
||||
STATIC BOOLEAN EFIAPI IsSecureBootEnabled(VOID)
|
||||
{
|
||||
UINT8 SecureBoot = 0;
|
||||
UINTN DataSize;
|
||||
EFI_STATUS Status;
|
||||
|
||||
DataSize = sizeof(SecureBoot);
|
||||
Status = gST->RuntimeServices->GetVariable(L"SecureBoot", &gEfiGlobalVariableGuid, NULL,
|
||||
&DataSize, &SecureBoot);
|
||||
if (EFI_ERROR(Status))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return SecureBoot ? TRUE : FALSE;
|
||||
}
|
||||
|
||||
STATIC BOOLEAN EFIAPI IsSetupMode(VOID)
|
||||
{
|
||||
UINT8 SetupMode = 0;
|
||||
UINTN DataSize;
|
||||
EFI_STATUS Status;
|
||||
|
||||
DataSize = sizeof(SetupMode);
|
||||
Status = gST->RuntimeServices->GetVariable(L"SetupMode", &gEfiGlobalVariableGuid, NULL,
|
||||
&DataSize, &SetupMode);
|
||||
if (EFI_ERROR(Status))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return SetupMode ? TRUE : FALSE;
|
||||
}
|
||||
|
||||
|
||||
STATIC BOOLEAN EFIAPI CheckVtoyShim(VOID)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
EFI_GUID Guid = VTOY_SHIM_POLICY_GUID;
|
||||
VOID *Prot = NULL;
|
||||
|
||||
/* If secure boot is not enabled or in SetupMode, nothing needed */
|
||||
if (!IsSecureBootEnabled() || IsSetupMode())
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
Status = gBS->LocateProtocol(&Guid, NULL, (VOID**)&Prot);
|
||||
if (EFI_ERROR(Status))
|
||||
{
|
||||
gST->ConOut->OutputString(gST->ConOut, L"Can not locate Vtoy Shim\r\n");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
#endif
|
||||
|
||||
EFI_STATUS EFIAPI VtoyUtilEfiMain
|
||||
(
|
||||
IN EFI_HANDLE ImageHandle,
|
||||
@@ -214,15 +154,6 @@ EFI_STATUS EFIAPI VtoyUtilEfiMain
|
||||
UINTN i;
|
||||
UINTN Len;
|
||||
|
||||
#if defined (MDE_CPU_X64)
|
||||
/* check that Ventoy Shim must exist */
|
||||
if (!CheckVtoyShim())
|
||||
{
|
||||
gBS->Stall(5 * 1000000);
|
||||
return EFI_NOT_FOUND;
|
||||
}
|
||||
#endif
|
||||
|
||||
ParseCmdline(ImageHandle);
|
||||
|
||||
for (i = 0; gCurFeature && i < ARRAY_SIZE(gFeatureList); i++)
|
||||
|
||||
@@ -418,29 +418,25 @@ static int ventoy_secure_boot_init(void)
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* When SecureBoot enabled, Ventoy grub must be launched by Ventoy Shim.
|
||||
* Currently only x86_64 support this feature.
|
||||
*/
|
||||
if (g_ventoy_plat_data == VTOY_PLAT_X86_64_UEFI)
|
||||
{
|
||||
g_vtoy_shim = grub_efi_locate_protocol(&ProtGuid, NULL);
|
||||
if (g_vtoy_shim == NULL || g_vtoy_shim->ByPassSB == NULL ||
|
||||
g_vtoy_shim->CheckSB == NULL || g_vtoy_shim->Launched == NULL)
|
||||
{
|
||||
grub_cls();
|
||||
grub_printf(VTOY_WARNING"\n");
|
||||
grub_printf(VTOY_WARNING"\n");
|
||||
grub_printf(VTOY_WARNING"\n\n\n");
|
||||
|
||||
grub_printf("Ventoy grub is not launched by Ventoy shim.\n\n");
|
||||
grub_refresh();
|
||||
|
||||
ventoy_prompt_end();
|
||||
/*
|
||||
* Generally when SecureBoot enabled, Ventoy grub must be launched by Ventoy Shim.
|
||||
* But there are some exceptions:
|
||||
* 1. Ventoy key was enrolled directly to the UEFI DB
|
||||
* 2. Some UEFI firmware (MSI) has Image Execution Policy as Always Execute which
|
||||
* means Secure Boot is effectively disabled.
|
||||
*/
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
g_vtoy_shim->Launched();
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user