--- /dev/null
+/** @file\r
+ Provides a functions to enroll keys based on default values.\r
+\r
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>\r
+Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>\r
+Copyright (c) 2021, Semihalf All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef SECURE_BOOT_VARIABLE_PROVISION_LIB_H_\r
+#define SECURE_BOOT_VARIABLE_PROVISION_LIB_H_\r
+\r
+/**\r
+ Sets the content of the 'db' variable based on 'dbDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()\r
+--*/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollDbFromDefault (\r
+ VOID\r
+);\r
+\r
+/**\r
+ Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()\r
+--*/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollDbxFromDefault (\r
+ VOID\r
+);\r
+\r
+/**\r
+ Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()\r
+--*/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollDbtFromDefault (\r
+ VOID\r
+);\r
+\r
+/**\r
+ Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()\r
+--*/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollKEKFromDefault (\r
+ VOID\r
+);\r
+\r
+/**\r
+ Sets the content of the 'PK' variable based on 'PKDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()\r
+--*/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollPKFromDefault (\r
+ VOID\r
+);\r
+\r
+/**\r
+ Initializes PKDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+--*/\r
+EFI_STATUS\r
+SecureBootInitPKDefault (\r
+ IN VOID\r
+ );\r
+\r
+/**\r
+ Initializes KEKDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+--*/\r
+EFI_STATUS\r
+SecureBootInitKEKDefault (\r
+ IN VOID\r
+ );\r
+\r
+/**\r
+ Initializes dbDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+--*/\r
+EFI_STATUS\r
+SecureBootInitDbDefault (\r
+ IN VOID\r
+ );\r
+\r
+/**\r
+ Initializes dbtDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+--*/\r
+EFI_STATUS\r
+SecureBootInitDbtDefault (\r
+ IN VOID\r
+ );\r
+\r
+/**\r
+ Initializes dbxDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+--*/\r
+EFI_STATUS\r
+SecureBootInitDbxDefault (\r
+ IN VOID\r
+ );\r
+#endif\r
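Review bot: The `@retval EFI_OUT_OF_RESOURCES ... while VendorGuid is NULL` text on the five Enroll*FromDefault declarations names a parameter that these `VOID` functions do not take, so a caller cannot tell when that status applies. The wording should describe the actual condition, e.g. `@retval EFI_OUT_OF_RESOURCES  Memory allocation for the EFI_VARIABLE_AUTHENTICATION_2 header failed.` The SecureBootInit*Default comments list only EFI_SUCCESS and EFI_UNSUPPORTED, yet the implementations in this patch also pass through errors from GetVariable2(), SecureBootFetchData() and SetVariable(); I would add `@retval other  Errors from GetVariable2(), SecureBootFetchData() and SetVariable()`. On style, the comment blocks close with `--*/` where the .c file uses `**/`, the file header reads "Provides a functions", and the SecureBootInit* prototypes omit the `EFIAPI` that the Enroll* prototypes carry.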
--- /dev/null
+/** @file\r
+ This library provides functions to set/clear Secure Boot\r
+ keys and databases.\r
+\r
+ Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ (C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>\r
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>\r
+ Copyright (c) 2021, Semihalf All rights reserved.<BR>\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+#include <Guid/GlobalVariable.h>\r
+#include <Guid/AuthenticatedVariableFormat.h>\r
+#include <Guid/ImageAuthentication.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/SecureBootVariableLib.h>\r
+#include <Library/SecureBootVariableProvisionLib.h>\r
+\r
+/**\r
+ Enroll a key/certificate based on a default variable.\r
+\r
+ @param[in] VariableName The name of the key/database.\r
+ @param[in] DefaultName The name of the default variable.\r
+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable\r
+\r
+ @retval EFI_OUT_OF_RESOURCES Out of memory while allocating AuthHeader.\r
+ @retval EFI_SUCCESS Successful enrollment.\r
+ @return Error codes from GetTime () and SetVariable ().\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+EnrollFromDefault (\r
+ IN CHAR16 *VariableName,\r
+ IN CHAR16 *DefaultName,\r
+ IN EFI_GUID *VendorGuid\r
+ )\r
+{\r
+ VOID *Data;\r
+ UINTN DataSize;\r
+ EFI_STATUS Status;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
+ DataSize = 0;\r
+ Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status));\r
+ return Status;\r
+ }\r
+\r
+ CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Allocate memory for auth variable\r
+ //\r
+ Status = gRT->SetVariable (\r
+ VariableName,\r
+ VendorGuid,\r
+ (EFI_VARIABLE_NON_VOLATILE |\r
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |\r
+ EFI_VARIABLE_RUNTIME_ACCESS |\r
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),\r
+ DataSize,\r
+ Data\r
+ );\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,\r
+ VendorGuid, Status));\r
+ }\r
+\r
+ if (Data != NULL) {\r
+ FreePool (Data);\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/** Initializes PKDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+**/\r
+EFI_STATUS\r
+SecureBootInitPKDefault (\r
+ IN VOID\r
+ )\r
+{\r
+ EFI_SIGNATURE_LIST *EfiSig;\r
+ UINTN SigListsSize;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+\r
+ //\r
+ // Check if variable exists, if so do not change it\r
+ //\r
+ Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
+ if (Status == EFI_SUCCESS) {\r
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));\r
+ FreePool (Data);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Variable does not exist, can be initialized\r
+ //\r
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PK_DEFAULT_VARIABLE_NAME));\r
+\r
+ Status = SecureBootFetchData (&gDefaultPKFileGuid, &SigListsSize, &EfiSig);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_PK_DEFAULT_VARIABLE_NAME));\r
+ return Status;\r
+ }\r
+\r
+ Status = gRT->SetVariable (\r
+ EFI_PK_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ SigListsSize,\r
+ (VOID *)EfiSig\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_PK_DEFAULT_VARIABLE_NAME));\r
+ }\r
+\r
+ FreePool (EfiSig);\r
+\r
+ return Status;\r
+}\r
+\r
+/** Initializes KEKDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+**/\r
+EFI_STATUS\r
+SecureBootInitKEKDefault (\r
+ IN VOID\r
+ )\r
+{\r
+ EFI_SIGNATURE_LIST *EfiSig;\r
+ UINTN SigListsSize;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+\r
+ //\r
+ // Check if variable exists, if so do not change it\r
+ //\r
+ Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
+ if (Status == EFI_SUCCESS) {\r
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));\r
+ FreePool (Data);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Variable does not exist, can be initialized\r
+ //\r
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_KEK_DEFAULT_VARIABLE_NAME));\r
+\r
+ Status = SecureBootFetchData (&gDefaultKEKFileGuid, &SigListsSize, &EfiSig);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_KEK_DEFAULT_VARIABLE_NAME));\r
+ return Status;\r
+ }\r
+\r
+\r
+ Status = gRT->SetVariable (\r
+ EFI_KEK_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ SigListsSize,\r
+ (VOID *)EfiSig\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_KEK_DEFAULT_VARIABLE_NAME));\r
+ }\r
+\r
+ FreePool (EfiSig);\r
+\r
+ return Status;\r
+}\r
+\r
+/** Initializes dbDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+**/\r
+EFI_STATUS\r
+SecureBootInitDbDefault (\r
+ IN VOID\r
+ )\r
+{\r
+ EFI_SIGNATURE_LIST *EfiSig;\r
+ UINTN SigListsSize;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+\r
+ Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
+ if (Status == EFI_SUCCESS) {\r
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));\r
+ FreePool (Data);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ return Status;\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DB_DEFAULT_VARIABLE_NAME));\r
+\r
+ Status = SecureBootFetchData (&gDefaultdbFileGuid, &SigListsSize, &EfiSig);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ Status = gRT->SetVariable (\r
+ EFI_DB_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ SigListsSize,\r
+ (VOID *)EfiSig\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME));\r
+ }\r
+\r
+ FreePool (EfiSig);\r
+\r
+ return Status;\r
+}\r
+\r
+/** Initializes dbxDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+**/\r
+EFI_STATUS\r
+SecureBootInitDbxDefault (\r
+ IN VOID\r
+ )\r
+{\r
+ EFI_SIGNATURE_LIST *EfiSig;\r
+ UINTN SigListsSize;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+\r
+ //\r
+ // Check if variable exists, if so do not change it\r
+ //\r
+ Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
+ if (Status == EFI_SUCCESS) {\r
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));\r
+ FreePool (Data);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Variable does not exist, can be initialized\r
+ //\r
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME));\r
+\r
+ Status = SecureBootFetchData (&gDefaultdbxFileGuid, &SigListsSize, &EfiSig);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_DBX_DEFAULT_VARIABLE_NAME));\r
+ return Status;\r
+ }\r
+\r
+ Status = gRT->SetVariable (\r
+ EFI_DBX_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ SigListsSize,\r
+ (VOID *)EfiSig\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBX_DEFAULT_VARIABLE_NAME));\r
+ }\r
+\r
+ FreePool (EfiSig);\r
+\r
+ return Status;\r
+}\r
+\r
+/** Initializes dbtDefault variable with data from FFS section.\r
+\r
+ @retval EFI_SUCCESS Variable was initialized successfully.\r
+ @retval EFI_UNSUPPORTED Variable already exists.\r
+**/\r
+EFI_STATUS\r
+SecureBootInitDbtDefault (\r
+ IN VOID\r
+ )\r
+{\r
+ EFI_SIGNATURE_LIST *EfiSig;\r
+ UINTN SigListsSize;\r
+ EFI_STATUS Status;\r
+ UINT8 *Data;\r
+ UINTN DataSize;\r
+\r
+ //\r
+ // Check if variable exists, if so do not change it\r
+ //\r
+ Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
+ if (Status == EFI_SUCCESS) {\r
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME));\r
+ FreePool (Data);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {\r
+ return Status;\r
+ }\r
+\r
+ //\r
+ // Variable does not exist, can be initialized\r
+ //\r
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBT_DEFAULT_VARIABLE_NAME));\r
+\r
+ Status = SecureBootFetchData (&gDefaultdbtFileGuid, &SigListsSize, &EfiSig);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
+ Status = gRT->SetVariable (\r
+ EFI_DBT_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
+ SigListsSize,\r
+ (VOID *)EfiSig\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBT_DEFAULT_VARIABLE_NAME));\r
+ }\r
+\r
+ FreePool (EfiSig);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Sets the content of the 'db' variable based on 'dbDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollDbFromDefault (\r
+ VOID\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = EnrollFromDefault (\r
+ EFI_IMAGE_SECURITY_DATABASE,\r
+ EFI_DB_DEFAULT_VARIABLE_NAME,\r
+ &gEfiImageSecurityDatabaseGuid\r
+ );\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollDbxFromDefault (\r
+ VOID\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = EnrollFromDefault (\r
+ EFI_IMAGE_SECURITY_DATABASE1,\r
+ EFI_DBX_DEFAULT_VARIABLE_NAME,\r
+ &gEfiImageSecurityDatabaseGuid\r
+ );\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollDbtFromDefault (\r
+ VOID\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = EnrollFromDefault (\r
+ EFI_IMAGE_SECURITY_DATABASE2,\r
+ EFI_DBT_DEFAULT_VARIABLE_NAME,\r
+ &gEfiImageSecurityDatabaseGuid);\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollKEKFromDefault (\r
+ VOID\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = EnrollFromDefault (\r
+ EFI_KEY_EXCHANGE_KEY_NAME,\r
+ EFI_KEK_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid\r
+ );\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.\r
+\r
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails\r
+ while VendorGuid is NULL.\r
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EnrollPKFromDefault (\r
+ VOID\r
+)\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = EnrollFromDefault (\r
+ EFI_PLATFORM_KEY_NAME,\r
+ EFI_PK_DEFAULT_VARIABLE_NAME,\r
+ &gEfiGlobalVariableGuid\r
+ );\r
+\r
+ return Status;\r
+}\r
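Review bot: In EnrollFromDefault the return value of `CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data)` is discarded, so the `EFI_ERROR (Status)` test after it only re-checks the GetVariable2() status, which has already succeeded, and can never fire. If payload creation fails, the raw default data is still handed to SetVariable() with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS instead of the enrollment stopping. The call should read `Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);`, and `Data` should be freed before that early return, presumably because the helper leaves the caller's buffer in place on failure (its body is not in this patch, so confirm). Separately, SecureBootInitDbtDefault ends with `return EFI_SUCCESS;` where its four siblings `return Status;`, so a failed SetVariable() of dbtDefault is reported as success. Smaller points: the comment `// Allocate memory for auth variable` sits above the SetVariable() call and does not describe it, the format string `"error: GetVariable (\"%s): %r\n"` lacks its closing `\"`, and the doc comment on EnrollPKFromDefault still says 'KEK'/'KEKDefault'.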