UINT32 mMaxKeyDbSize;\r
UINT8 *mCertDbStore;\r
UINT32 mMaxCertDbSize;\r
+UINT32 mPlatformMode;\r
UINT8 mVendorKeyState;\r
\r
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};\r
MAX_UINTN\r
}\r
},\r
- {\r
- &gEdkiiSecureBootModeGuid,\r
- L"SecureBootMode",\r
- {\r
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
- VARIABLE_ATTRIBUTE_NV_BS_RT,\r
- sizeof (UINT8),\r
- sizeof (UINT8)\r
- }\r
- }\r
};\r
\r
VOID **mAuthVarAddressPointer[10];\r
UINT8 *Data;\r
UINTN DataSize;\r
UINTN CtxSize;\r
+ UINT8 SecureBootMode;\r
+ UINT8 SecureBootEnable;\r
UINT8 CustomMode;\r
UINT32 ListSize;\r
\r
mPubKeyNumber = (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA));\r
}\r
\r
+ Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r
+ } else {\r
+ DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));\r
+ }\r
+\r
//\r
- // Init Secure Boot variables\r
+ // Create "SetupMode" variable with BS+RT attribute set.\r
//\r
- Status = InitSecureBootVariables ();\r
-\r
+ if (EFI_ERROR (Status)) {\r
+ mPlatformMode = SETUP_MODE;\r
+ } else {\r
+ mPlatformMode = USER_MODE;\r
+ }\r
+ Status = AuthServiceInternalUpdateVariable (\r
+ EFI_SETUP_MODE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ &mPlatformMode,\r
+ sizeof(UINT8),\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
\r
//\r
// Create "SignatureSupport" variable with BS+RT attribute set.\r
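Review bot: The `if (EFI_ERROR (Status))` test that selects `SETUP_MODE` treats every failure of the PK lookup as "no Platform Key enrolled", so if `AuthServiceInternalFindVariable` can fail for any reason other than not-found, the platform comes up in setup mode with Secure Boot off. I would select setup mode only on `if (Status == EFI_NOT_FOUND) {` and add `} else if (EFI_ERROR (Status)) { return Status;` ahead of the `USER_MODE` branch. The test also sits several lines after the call it checks, separated by the DEBUG block, so a later edit that reuses `Status` in between would silently change the mode decision; capturing the result in a local boolean right after the call would avoid that. Separately, `mPlatformMode` is declared `UINT32` but written with `sizeof(UINT8)`, which only stores the intended byte on a little-endian layout; a `UINT8` copy passed to `AuthServiceInternalUpdateVariable` would make the width explicit. The enclosing function starts and ends outside this hunk.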
return Status;\r
}\r
\r
+ //\r
+ // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
+ // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
+ // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
+ //\r
+ SecureBootEnable = SECURE_BOOT_DISABLE;\r
+ Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);\r
+ if (!EFI_ERROR (Status)) {\r
+ if (mPlatformMode == USER_MODE){\r
+ SecureBootEnable = *(UINT8 *) Data;\r
+ }\r
+ } else if (mPlatformMode == USER_MODE) {\r
+ //\r
+ // "SecureBootEnable" not exist, initialize it in USER_MODE.\r
+ //\r
+ SecureBootEnable = SECURE_BOOT_ENABLE;\r
+ Status = AuthServiceInternalUpdateVariable (\r
+ EFI_SECURE_BOOT_ENABLE_NAME,\r
+ &gEfiSecureBootEnableDisableGuid,\r
+ &SecureBootEnable,\r
+ sizeof (UINT8),\r
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+\r
+ //\r
+ // Create "SecureBoot" variable with BS+RT attribute set.\r
+ //\r
+ if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {\r
+ SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
+ } else {\r
+ SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
+ }\r
+ Status = AuthServiceInternalUpdateVariable (\r
+ EFI_SECURE_BOOT_MODE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ &SecureBootMode,\r
+ sizeof (UINT8),\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));\r
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));\r
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));\r
+\r
//\r
// Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.\r
//\r
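Review bot: `SecureBootEnable = *(UINT8 *) Data;` dereferences the stored "SecureBootEnable" variable without looking at `DataSize`, and the later `SecureBootEnable == SECURE_BOOT_ENABLE` test maps every other byte value to `SECURE_BOOT_MODE_DISABLE`. Because that variable is non-volatile, a truncated or unexpected stored value in `USER_MODE` would turn Secure Boot off without any diagnostic beyond the `EFI_D_INFO` lines at the end. I would check the size before the read, for example `if (DataSize != sizeof (UINT8)) { return EFI_COMPROMISED_DATA; }`, and accept only `SECURE_BOOT_ENABLE` or `SECURE_BOOT_DISABLE`. Whether an invalid value should fail initialization or fall back to enabled is a platform policy decision, but it should not default to disabled. The function body continues outside this hunk.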
{\r
EFI_STATUS Status;\r
\r
- //\r
- // Process PK, KEK, Sigdb, AuditMode, DeployedMode separately.\r
- //\r
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){\r
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);\r
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {\r
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
- } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) \r
- && (StrCmp (VariableName, EFI_AUDIT_MODE_NAME) == 0 || StrCmp (VariableName, EFI_DEPLOYED_MODE_NAME) == 0)) {\r
- Status = ProcessSecureBootModeVar(VariableName, VendorGuid, Data, DataSize, Attributes);\r
} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||\r
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r