2 This driver initializes the default Secure Boot variables
4 Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
5 Copyright (c) 2021, Semihalf All rights reserved.<BR>
6 Copyright (c) 2021, Ampere Computing LLC. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include <Guid/AuthenticatedVariableFormat.h>
11 #include <Guid/ImageAuthentication.h>
12 #include <Library/BaseLib.h>
13 #include <Library/BaseMemoryLib.h>
14 #include <Library/DebugLib.h>
15 #include <Library/MemoryAllocationLib.h>
16 #include <Library/UefiBootServicesTableLib.h>
17 #include <Library/UefiRuntimeServicesTableLib.h>
18 #include <Library/SecureBootVariableLib.h>
19 #include <Library/SecureBootVariableProvisionLib.h>
22 The entry point for SecureBootDefaultKeys driver.
24 @param[in] ImageHandle The image handle of the driver.
25 @param[in] SystemTable The system table.
27 @retval EFI_SUCCESS The secure default keys are initialized successfully.
28 @retval EFI_UNSUPPORTED One of the secure default keys already exists.
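29 @retval EFI_NOT_FOUND One of the PK, KEK, or DB default keys is not found. A missing dbt or dbx default is only logged at DEBUG_INFO level ("not initialized"), not as an error.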
30 @retval Others Failed to initialize the secure default keys.
35 SecureBootDefaultKeysEntryPoint (
36 IN EFI_HANDLE ImageHandle
,
37 IN EFI_SYSTEM_TABLE
*SystemTable
42 Status
= SecureBootInitPKDefault ();
43 if (EFI_ERROR (Status
)) {
44 DEBUG((DEBUG_ERROR
, "%a: Cannot initialize PKDefault: %r\n", __FUNCTION__
, Status
));
48 Status
= SecureBootInitKEKDefault ();
49 if (EFI_ERROR (Status
)) {
50 DEBUG ((DEBUG_ERROR
, "%a: Cannot initialize KEKDefault: %r\n", __FUNCTION__
, Status
));
53 Status
= SecureBootInitDbDefault ();
54 if (EFI_ERROR (Status
)) {
55 DEBUG ((DEBUG_ERROR
, "%a: Cannot initialize dbDefault: %r\n", __FUNCTION__
, Status
));
59 Status
= SecureBootInitDbtDefault ();
60 if (Status
== EFI_NOT_FOUND
) {
61 DEBUG ((DEBUG_INFO
, "%a: dbtDefault not initialized\n", __FUNCTION__
));
62 } else if (EFI_ERROR (Status
)) {
63 DEBUG ((DEBUG_ERROR
, "%a: Cannot initialize dbtDefault: %r\n", __FUNCTION__
, Status
));
67 Status
= SecureBootInitDbxDefault ();
68 if (Status
== EFI_NOT_FOUND
) {
69 DEBUG ((DEBUG_INFO
, "%a: dbxDefault not initialized\n", __FUNCTION__
));
70 } else if (EFI_ERROR (Status
)) {
71 DEBUG ((DEBUG_ERROR
, "%a: Cannot initialize dbxDefault: %r\n", __FUNCTION__
, Status
));