forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2023-12-11 6778948f9de86c3cfaf36725a7c87dcff9ba247f 
 kernel/drivers/firmware/efi/libstub/secureboot.c
....@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0
12 /*
23  * Secure boot handling.
34  *
....@@ -5,9 +6,6 @@
56  *     Roy Franz <roy.franz@linaro.org
67  * Copyright (C) 2013 Red Hat, Inc.
78  *     Mark Salter <msalter@redhat.com>
8
- *
9
- * This file is part of the Linux kernel, and is made available under the
10
- * terms of the GNU General Public License version 2.
119  */
1210 #include <linux/efi.h>
1311 #include <asm/efi.h>
....@@ -21,12 +19,7 @@
2119 
2220 /* SHIM variables */
2321 static const efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
24
-static const efi_char16_t shim_MokSBState_name[] = L"MokSBState";
25
-
26
-#define get_efi_var(name, vendor, ...) \
27
-	efi_call_runtime(get_variable, \
28
-			 (efi_char16_t *)(name), (efi_guid_t *)(vendor), \
29
-			 __VA_ARGS__);
22
+static const efi_char16_t shim_MokSBState_name[] = L"MokSBStateRT";
3023 
3124 /*
3225  * Determine whether we're in secure boot mode.
....@@ -34,7 +27,7 @@
3427  * Please keep the logic in sync with
3528  * arch/x86/xen/efi.c:xen_efi_get_secureboot().
3629  */
37
-enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg)
30
+enum efi_secureboot_mode efi_get_secureboot(void)
3831 {
3932 	u32 attr;
4033 	u8 secboot, setupmode, moksbstate;
....@@ -60,8 +53,8 @@
6053 
6154 	/*
6255 	 * See if a user has put the shim into insecure mode. If so, and if the
63
-	 * variable doesn't have the runtime attribute set, we might as well
64
-	 * honor that.
56
+	 * variable doesn't have the non-volatile attribute set, we might as
57
+	 * well honor that.
6558 	 */
6659 	size = sizeof(moksbstate);
6760 	status = get_efi_var(shim_MokSBState_name, &shim_guid,
....@@ -70,14 +63,14 @@
7063 	/* If it fails, we don't care why. Default to secure */
7164 	if (status != EFI_SUCCESS)
7265 		goto secure_boot_enabled;
73
-	if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS) && moksbstate == 1)
66
+	if (!(attr & EFI_VARIABLE_NON_VOLATILE) && moksbstate == 1)
7467 		return efi_secureboot_mode_disabled;
7568 
7669 secure_boot_enabled:
77
-	pr_efi(sys_table_arg, "UEFI Secure Boot is enabled.\n");
70
+	efi_info("UEFI Secure Boot is enabled.\n");
7871 	return efi_secureboot_mode_enabled;
7972 
8073 out_efi_err:
81
-	pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n");
74
+	efi_err("Could not determine UEFI Secure Boot status.\n");
8275 	return efi_secureboot_mode_unknown;
8376 }