#include <efilib.h>
#include <Library/BaseCryptLib.h>
#include "PeImage.h"
+#include "shim.h"
#define SECOND_STAGE L"grub.efi"
/*
* Check that the signature is valid and matches the binary
*/
-static EFI_STATUS verify_grub (PE_COFF_LOADER_IMAGE_CONTEXT *context,
- char *grubdata, int grubsize)
+static EFI_STATUS verify_grub (char *grubdata, int grubsize,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context)
{
unsigned int size = grubsize;
unsigned int ctxsize;
return efi_status;
}
- efi_status = verify_grub(&context, grubdata, grubsize);
+ efi_status = verify_grub(grubdata, grubsize, &context);
if (efi_status != EFI_SUCCESS) {
Print(L"Verification failed\n");
return EFI_SUCCESS;
}
+EFI_STATUS verify_buffer (void *buffer, int size)
+{
+ EFI_STATUS status;
+ PE_COFF_LOADER_IMAGE_CONTEXT context;
+
+ status = read_header(buffer, &context);
+
+ if (status != EFI_SUCCESS)
+ return status;
+
+ status = verify_grub(buffer, size, &context);
+
+ return status;
+}
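Review bot: verify_buffer is declared as `(void *buffer, int size)` without EFIAPI, while the `EFI_SHIM_LOCK_VERIFY` slot it is assigned to in efi_main is typed `EFIAPI (IN VOID *, IN UINT32)`. The length is therefore signed on one side and unsigned on the other, and the calling convention may differ depending on how EFIAPI is defined for this build. Because this function is what other images reach through the protocol, buffer and size should be treated as untrusted. `read_header(buffer, &context)` is given no length, so whether header parsing stays within `size` bytes cannot be seen from this hunk and should be confirmed. I would change the signature to `EFI_STATUS EFIAPI verify_buffer (void *buffer, UINT32 size)` and reject bad arguments up front with `if (buffer == NULL || size == 0) return EFI_INVALID_PARAMETER;`.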
+
EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
{
EFI_STATUS efi_status;
+ EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
void *grubdata;
int grubsize;
+ static SHIM_LOCK shim_lock_interface;
+ EFI_HANDLE handle = NULL;
+
+ shim_lock_interface.Verify = verify_buffer;
systab = passed_systab;
InitializeLib(image_handle, systab);
+ efi_status = uefi_call_wrapper(BS->InstallProtocolInterface, 4,
+ &handle, &shim_lock_guid,
+ EFI_NATIVE_INTERFACE,
+ &shim_lock_interface);
+
efi_status = load_grub(image_handle, &grubdata, &grubsize);
if (efi_status != EFI_SUCCESS) {
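Review bot: The status returned by InstallProtocolInterface is stored in efi_status and then overwritten by the load_grub call that follows, so a failure to publish the shim lock protocol goes unnoticed. A later stage that looks up the protocol to have its images verified would then not find it, and how it reacts is outside this file's control. Check the result before continuing, for example `if (efi_status != EFI_SUCCESS) { Print(L"Failed to install shim lock protocol\n"); return efi_status; }`. efi_main's body continues past the end of this hunk, so whether the interface is uninstalled on later error paths is not visible here.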
--- /dev/null
+#define SHIM_LOCK_GUID \
+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
+
+INTERFACE_DECL(_SHIM_LOCK);
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_SHIM_LOCK_VERIFY) (
+ IN VOID *buffer;
+ IN UINT32 size;
+ );
+
+typedef struct _SHIM_LOCK {
+ EFI_SHIM_LOCK_VERIFY Verify;
+} SHIM_LOCK;
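Review bot: The parameter list of the `EFI_SHIM_LOCK_VERIFY` typedef separates its parameters with semicolons (`IN VOID *buffer;`, `IN UINT32 size;`), which is not valid C in a function-pointer declarator. It should read `IN VOID *buffer,` followed by `IN UINT32 size` with no trailing separator. The new header also has no include guard, so wrapping its contents in `#ifndef SHIM_H` / `#define SHIM_H` / `#endif` would keep a second inclusion from redefining `SHIM_LOCK`. Since this struct is the interface other images call to get a signature decision, a short comment on `Verify` stating the meaning of `size` and that only EFI_SUCCESS means the buffer was accepted would help callers avoid treating an error status as a pass.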