SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c

   1 /** @file
   2   This driver init default Secure Boot variables
   3
   4 Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
   5 Copyright (c) 2021, Semihalf All rights reserved.<BR>
   6 Copyright (c) 2021, Ampere Computing LLC. All rights reserved.<BR>
   7 SPDX-License-Identifier: BSD-2-Clause-Patent
   8
   9 **/
  10 #include <Guid/AuthenticatedVariableFormat.h>
  11 #include <Guid/ImageAuthentication.h>
  12 #include <Library/BaseLib.h>
  13 #include <Library/BaseMemoryLib.h>
  14 #include <Library/DebugLib.h>
  15 #include <Library/MemoryAllocationLib.h>
  16 #include <Library/UefiBootServicesTableLib.h>
  17 #include <Library/UefiRuntimeServicesTableLib.h>
  18 #include <Library/SecureBootVariableLib.h>
  19 #include <Library/SecureBootVariableProvisionLib.h>
  20
  21 /**
  22   The entry point for SecureBootDefaultKeys driver.
  23
  24   @param[in]  ImageHandle        The image handle of the driver.
  25   @param[in]  SystemTable        The system table.
  26
  27   @retval EFI_SUCCESS            The secure default keys are initialized successfully.
  28   @retval EFI_UNSUPPORTED        One of the secure default keys already exists.
  29   @retval EFI_NOT_FOUND          One of the PK, KEK, or DB default keys is not found.
  30   @retval Others                 Fail to initialize the secure default keys.
  31
  32 **/
  33 EFI_STATUS
  34 EFIAPI
  35 SecureBootDefaultKeysEntryPoint (
  36   IN EFI_HANDLE          ImageHandle,
  37   IN EFI_SYSTEM_TABLE    *SystemTable
  38   )
  39 {
  40   EFI_STATUS  Status;
  41
  42   Status = SecureBootInitPKDefault ();
  43   if (EFI_ERROR (Status)) {
  44     DEBUG((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__, Status));
  45     return Status;
  46   }
  47
  48   Status = SecureBootInitKEKDefault ();
  49   if (EFI_ERROR (Status)) {
  50     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __FUNCTION__, Status));
  51     return Status;
  52   }
  53   Status = SecureBootInitDbDefault ();
  54   if (EFI_ERROR (Status)) {
  55     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __FUNCTION__, Status));
  56     return Status;
  57   }
  58
  59   Status = SecureBootInitDbtDefault ();
  60   if (Status == EFI_NOT_FOUND) {
  61     DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __FUNCTION__));
  62   } else if (EFI_ERROR (Status)) {
  63     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbtDefault: %r\n", __FUNCTION__, Status));
  64     return Status;
  65   }
  66
  67   Status = SecureBootInitDbxDefault ();
  68   if (Status == EFI_NOT_FOUND) {
  69     DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __FUNCTION__));
  70   } else if (EFI_ERROR (Status)) {
  71     DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __FUNCTION__, Status));
  72     return Status;
  73   }
  74
  75   return EFI_SUCCESS;
  76 }