Install a protocol for sharing code with grub

diff --git a/shim.c b/shim.c
index f6311adaadc5b19463d187bc39f6cdf97f54cd89..edaad0e5e6f1ccaf58f5e4acb11cdd7a142864ce 100644 (file)
--- a/shim.c
+++ b/shim.c
@@ -37,6 +37,7 @@
 #include <efilib.h>
 #include <Library/BaseCryptLib.h>
 #include "PeImage.h"
+#include "shim.h"
 
 #define SECOND_STAGE L"grub.efi"
 
@@ -167,8 +168,8 @@ static EFI_STATUS relocate_grub (PE_COFF_LOADER_IMAGE_CONTEXT *context,
 /*
  * Check that the signature is valid and matches the binary
  */
-static EFI_STATUS verify_grub (PE_COFF_LOADER_IMAGE_CONTEXT *context,
-                              char *grubdata, int grubsize)
+static EFI_STATUS verify_grub (char *grubdata, int grubsize,
+                              PE_COFF_LOADER_IMAGE_CONTEXT *context)
 {
        unsigned int size = grubsize;
        unsigned int ctxsize;
@@ -413,7 +414,7 @@ static EFI_STATUS handle_grub (void *grubdata, int grubsize)
                return efi_status;
        }
 
-       efi_status = verify_grub(&context, grubdata, grubsize);
+       efi_status = verify_grub(grubdata, grubsize, &context);
 
        if (efi_status != EFI_SUCCESS) {
                Print(L"Verification failed\n");
@@ -637,16 +638,41 @@ static EFI_STATUS load_grub (EFI_HANDLE image_handle, void **grubdata,
        return EFI_SUCCESS;
 }
 
+EFI_STATUS verify_buffer (void *buffer, int size)
+{
+       EFI_STATUS status;
+       PE_COFF_LOADER_IMAGE_CONTEXT context;
+
+       status = read_header(buffer, &context);
+
+       if (status != EFI_SUCCESS)
+               return status;
+
+       status = verify_grub(buffer, size, &context);
+
+       return status;
+}
+
 EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 {
        EFI_STATUS efi_status;
+       EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
        void *grubdata;
        int grubsize;
+       static SHIM_LOCK shim_lock_interface;
+       EFI_HANDLE handle = NULL;
+
+       shim_lock_interface.Verify = verify_buffer;
 
        systab = passed_systab;
 
        InitializeLib(image_handle, systab);
 
+       efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4,
+                                      &handle, &shim_lock_guid,
+                                      EFI_NATIVE_INTERFACE,
+                                      &shim_lock_interface);
+
        efi_status = load_grub(image_handle, &grubdata, &grubsize);
 
        if (efi_status != EFI_SUCCESS) {

diff --git a/shim.h b/shim.h
new file mode 100644 (file)
index 0000000..ca325c0
--- /dev/null
+++ b/shim.h
@@ -0,0 +1,15 @@
+#define SHIM_LOCK_GUID \
+       { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
+
+INTERFACE_DECL(_SHIM_LOCK);
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SHIM_LOCK_VERIFY) (
+       IN VOID *buffer;
+       IN UINT32 size;
+       );
+
+typedef struct _SHIM_LOCK {
+       EFI_SHIM_LOCK_VERIFY Verify;
+} SHIM_LOCK;