sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

UefiPayloadPkg: Add Secure Boot support

Browse Source 
Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
Change-Id: I4f44e29bc967b7d2208193e21aeeef8b96afcc69
This commit is contained in:
Sean Rhodes
2022-01-03 15:56:05 +00:00
committed by Tim Crawford
parent 35dde2452d
commit 2dc1e51593
14 changed files with 674 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
View File

@ -19,6 +19,7 @@
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/SecureBootVariableLib.h>
#include <Library/SecureBootVariableProvisionLib.h>
#include <Library/DxeServicesLib.h>
/**
Enroll a key/certificate based on a default variable.
@ -117,6 +118,7 @@ SecureBootInitPKDefault (
}
if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
DEBUG ((DEBUG_INFO, "Variable %s read error.\n", EFI_PK_DEFAULT_VARIABLE_NAME));
return Status;
}
@ -264,10 +266,10 @@ SecureBootInitDbxDefault (
IN VOID
)
{
EFI_SIGNATURE_LIST *EfiSig;
UINTN SigListsSize;
UINTN Size;
EFI_STATUS Status;
UINT8 *Data;
UINT8 *Data;
VOID *Buffer;
UINTN DataSize;
//
@ -289,7 +291,13 @@ SecureBootInitDbxDefault (
//
DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
Status = SecureBootFetchData (&gDefaultdbxFileGuid, &SigListsSize, &EfiSig);
Status = GetSectionFromAnyFv (
&gDefaultdbxFileGuid,
EFI_SECTION_RAW,
0,
&Buffer,
&Size
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
return Status;
@ -299,15 +307,13 @@ SecureBootInitDbxDefault (
EFI_DBX_DEFAULT_VARIABLE_NAME,
&gEfiGlobalVariableGuid,
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
SigListsSize,
(VOID *)EfiSig
Size,
(VOID *)Buffer
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
}
FreePool (EfiSig);
return Status;
}