Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/security/integrity/efi_secureboot.c
170838 views
1
// SPDX-License-Identifier: GPL-1.0+

2
/*

3
 * Copyright (C) 2018 IBM Corporation

4
 */

5
#include <linux/efi.h>

6
#include <linux/secure_boot.h>

7
#include <asm/efi.h>

8


9
#ifndef arch_efi_boot_mode

10
#define arch_efi_boot_mode efi_secureboot_mode_unset

11
#endif

12


13
static enum efi_secureboot_mode get_sb_mode(void)

14
{

15
	enum efi_secureboot_mode mode;

16


17
	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {

18
		pr_info("integrity: secureboot mode unknown, no efi\n");

19
		return efi_secureboot_mode_unknown;

20
	}

21


22
	mode = efi_get_secureboot_mode(efi.get_variable);

23
	if (mode == efi_secureboot_mode_disabled)

24
		pr_info("integrity: secureboot mode disabled\n");

25
	else if (mode == efi_secureboot_mode_unknown)

26
		pr_info("integrity: secureboot mode unknown\n");

27
	else

28
		pr_info("integrity: secureboot mode enabled\n");

29
	return mode;

30
}

31


32
/*

33
 * Query secure boot status

34
 *

35
 * Note don't call this function too early e.g. in __setup hook otherwise the

36
 * kernel may hang when calling efi_get_secureboot_mode.

37
 *

38
 */

39
bool arch_get_secureboot(void)

40
{

41
	static enum efi_secureboot_mode sb_mode;

42
	static bool initialized;

43


44
	if (!initialized && efi_enabled(EFI_BOOT)) {

45
		sb_mode = arch_efi_boot_mode;

46


47
		if (sb_mode == efi_secureboot_mode_unset)

48
			sb_mode = get_sb_mode();

49
		initialized = true;

50
	}

51


52
	if (sb_mode == efi_secureboot_mode_enabled)

53
		return true;

54
	else

55
		return false;

56
}

57


58