1 /** @file
2 Enroll default PK, KEK, db, dbx.
3
4 Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
5 Copyright (c) 2021, Semihalf All rights reserved.<BR>
6
7 SPDX-License-Identifier: BSD-2-Clause-Patent
8 **/
9
10 #include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
11 #include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
12 #include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
13 #include <Library/BaseLib.h> // GUID_STRING_LENGTH
14 #include <Library/BaseMemoryLib.h> // CopyGuid()
15 #include <Library/DebugLib.h> // ASSERT()
16 #include <Library/MemoryAllocationLib.h> // FreePool()
17 #include <Library/PrintLib.h> // AsciiSPrint()
18 #include <Library/UefiBootServicesTableLib.h> // gBS
19 #include <Library/UefiLib.h> // AsciiPrint()
20 #include <Library/UefiRuntimeServicesTableLib.h> // gRT
21 #include <Uefi/UefiMultiPhase.h>
22 #include <Library/SecureBootVariableLib.h>
23 #include <Library/SecureBootVariableProvisionLib.h>
24
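/**
  Entry point of the shell application that enrolls the default Secure Boot
  variables in the order db, dbx, dbt, KEK, PK.

  The application only acts when the platform is not in USER_MODE. It switches
  to CUSTOM_SECURE_BOOT_MODE for the duration of the enrollment and switches
  back to STANDARD_SECURE_BOOT_MODE before returning, on both the success path
  and the error path.

  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
  @param[in] SystemTable    A pointer to the EFI System Table.

  @retval 0       db, KEK and PK were enrolled. A dbx or dbt enrollment failure
                  and a failure to restore STANDARD_SECURE_BOOT_MODE are only
                  printed; they do not change this return value.
  @retval 1       The platform is in USER_MODE, SetupMode could not be read,
                  CUSTOM_SECURE_BOOT_MODE could not be set, or enrolling db,
                  KEK or PK failed.
**/
EFI_STATUS
EFIAPI
UefiMain (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;
  UINT8       SetupMode;

  Status = GetSetupMode (&SetupMode);
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot get SetupMode variable: %r\n", Status);
    return 1;
  }

  //
  // Never touch the key databases of a platform that is already provisioned.
  //
  if (SetupMode == USER_MODE) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Skipped - USER_MODE\n");
    return 1;
  }

  Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n", Status);
    return 1;
  }

  Status = EnrollDbFromDefault ();
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll db: %r\n", Status);
    goto error;
  }

  //
  // dbx and dbt failures are reported but are not fatal: Status is overwritten
  // by the next call and enrollment continues.
  // NOTE(review): presumably the dbx/dbt defaults are optional on some
  // platforms - confirm. If the dbx enrollment fails, the platform is still
  // provisioned with KEK and PK but without the default revocation list, so
  // the operator has to act on the message printed here.
  //
  Status = EnrollDbxFromDefault ();
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbx: %r\n", Status);
  }

  Status = EnrollDbtFromDefault ();
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbt: %r\n", Status);
  }

  Status = EnrollKEKFromDefault ();
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll KEK: %r\n", Status);
    goto cleardbs;
  }

  //
  // PK is enrolled last, after every other database is in place.
  //
  Status = EnrollPKFromDefault ();
  if (EFI_ERROR (Status)) {
    AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll PK: %r\n", Status);
    goto clearKEK;
  }

  //
  // Leave custom mode again. A failure here is only printed and the
  // application still returns 0.
  // NOTE(review): a caller that checks only the exit code cannot tell that
  // the platform was left in custom mode - confirm this is intended.
  //
  Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
  if (EFI_ERROR (Status)) {
    AsciiPrint (
      "EnrollFromDefaultKeysApp: Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"
      "Please do it manually, otherwise system can be easily compromised\n"
      );
  }

  return 0;

  //
  // Roll back whatever was enrolled before the failure so that no partial key
  // hierarchy is left behind. The labels fall through on purpose.
  // NOTE(review): the results of the Delete*() calls are not checked, so a
  // failed delete leaves partial state without any message.
  //
clearKEK:
  DeleteKEK ();

cleardbs:
  DeleteDbt ();
  DeleteDbx ();
  DeleteDb ();

error:
  Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
  if (EFI_ERROR (Status)) {
    AsciiPrint (
      "EnrollFromDefaultKeysApp: Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"
      "Please do it manually, otherwise system can be easily compromised\n"
      );
  }

  return 1;
}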