PreLoader.c - pub/scm/linux/kernel/git/jejb/efitools - Git at Google

 /*
  * Copyright 2012 <James.Bottomley@HansenPartnership.com>
  *
  * see COPYING file
  *
  */

 #include <efi.h>
 #include <efilib.h>

 #include <console.h>
 #include <errors.h>
 #include <guid.h>
 #include <security_policy.h>
 #include <execute.h>

 #include "hashlist.h"

 CHAR16 *loader = L"loader.efi";
 CHAR16 *hashtool = L"HashTool.efi";

 EFI_STATUS
 efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
 {
 	EFI_STATUS status;
 	UINT8 SecureBoot;
 	UINTN DataSize = sizeof(SecureBoot);

 	InitializeLib(image, systab);

 	console_reset();

 	status = RT->GetVariable(L"SecureBoot",
 				 &GV_GUID, NULL, &DataSize, &SecureBoot);
 	if (status != EFI_SUCCESS) {
 		Print(L"Not a Secure Boot Platform %d\n", status);
 		goto override;
 	}

 	if (!SecureBoot) {
 		Print(L"Secure Boot Disabled\n");
 		goto override;
 	}

 	status = security_policy_install(security_policy_mok_override,
 					 security_policy_mok_allow,
 					 security_policy_mok_deny);
 	if (status != EFI_SUCCESS) {
 		console_error(L"Failed to install override security policy",
 			      status);
 		/* Don't die, just try to execute without security policy */
 		goto override;
 	}

 	/* install statically compiled in hashes */
 	security_protocol_set_hashes(_tmp_tmp_hash, _tmp_tmp_hash_len);

 	/* Check for H key being pressed */
 	if (console_check_for_keystroke('H'))
 		goto start_hashtool;

 	status = execute(image, loader);

 	if (status == EFI_SUCCESS)
 		goto out;

 	if (status != EFI_SECURITY_VIOLATION && status != EFI_ACCESS_DENIED) {
 		CHAR16 buf[256];

 		StrCpy(buf, L"Failed to start ");
 		StrCat(buf, loader);
 		console_error(buf, status);

 		goto out;
 	}

 	console_alertbox((CHAR16 *[]) {
 			L"Failed to start loader",
 			L"",
 			L"It should be called loader.efi (in the current directory)",
 			L"Please enrol its hash and try again",
 			L"",
 			L"I will now execute HashTool for you to do this",
 			NULL
 		});

 	for (;;) {
 	start_hashtool:
 		status = execute(image, hashtool);

 		if (status != EFI_SUCCESS) {
 			CHAR16 buf[256];

 			StrCpy(buf, L"Failed to start backup programme ");
 			StrCat(buf, hashtool);
 			console_error(buf, status);

 			goto out;
 		}

 		/* try to start the loader again */
 		status = execute(image, loader);
 		if (status == EFI_ACCESS_DENIED
 		    || status == EFI_SECURITY_VIOLATION) {
 			int selection = console_select((CHAR16 *[]) {
 				L"loader is still giving a security error",
 				NULL
 			}, (CHAR16 *[]) {
 				L"Start HashTool",
 				L"Exit",
 				NULL
 			}, 0);
 			if (selection == 0)
 				continue;
 		}

 		break;
 	}
  out:
 	status = security_policy_uninstall();
 	if (status != EFI_SUCCESS)
 		console_error(L"Failed to uninstall security policy.  Platform needs rebooting", status);

 	return status;
  override:
 	status = execute(image, loader);

 	if (status != EFI_SUCCESS) {
 		CHAR16 buf[256];

 		StrCpy(buf, L"Failed to start ");
 		StrCat(buf, loader);
 		console_error(buf, status);
 	}

 	return status;
 }
	/*
	* Copyright 2012 <James.Bottomley@HansenPartnership.com>
	*
	* see COPYING file
	*
	*/

	#include <efi.h>
	#include <efilib.h>

	#include <console.h>
	#include <errors.h>
	#include <guid.h>
	#include <security_policy.h>
	#include <execute.h>

	#include "hashlist.h"

	CHAR16 *loader = L"loader.efi";
	CHAR16 *hashtool = L"HashTool.efi";

	EFI_STATUS
	efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
	{
	EFI_STATUS status;
	UINT8 SecureBoot;
	UINTN DataSize = sizeof(SecureBoot);

	InitializeLib(image, systab);

	console_reset();

	status = RT->GetVariable(L"SecureBoot",
	&GV_GUID, NULL, &DataSize, &SecureBoot);
	if (status != EFI_SUCCESS) {
	Print(L"Not a Secure Boot Platform %d\n", status);
	goto override;
	}

	if (!SecureBoot) {
	Print(L"Secure Boot Disabled\n");
	goto override;
	}

	status = security_policy_install(security_policy_mok_override,
	security_policy_mok_allow,
	security_policy_mok_deny);
	if (status != EFI_SUCCESS) {
	console_error(L"Failed to install override security policy",
	status);
	/* Don't die, just try to execute without security policy */
	goto override;
	}

	/* install statically compiled in hashes */
	security_protocol_set_hashes(_tmp_tmp_hash, _tmp_tmp_hash_len);

	/* Check for H key being pressed */
	if (console_check_for_keystroke('H'))
	goto start_hashtool;

	status = execute(image, loader);

	if (status == EFI_SUCCESS)
	goto out;

	if (status != EFI_SECURITY_VIOLATION && status != EFI_ACCESS_DENIED) {
	CHAR16 buf[256];

	StrCpy(buf, L"Failed to start ");
	StrCat(buf, loader);
	console_error(buf, status);

	goto out;
	}

	console_alertbox((CHAR16 *[]) {
	L"Failed to start loader",
	L"",
	L"It should be called loader.efi (in the current directory)",
	L"Please enrol its hash and try again",
	L"",
	L"I will now execute HashTool for you to do this",
	NULL
	});

	for (;;) {
	start_hashtool:
	status = execute(image, hashtool);

	if (status != EFI_SUCCESS) {
	CHAR16 buf[256];

	StrCpy(buf, L"Failed to start backup programme ");
	StrCat(buf, hashtool);
	console_error(buf, status);

	goto out;
	}

	/* try to start the loader again */
	status = execute(image, loader);
	if (status == EFI_ACCESS_DENIED
	\|\| status == EFI_SECURITY_VIOLATION) {
	int selection = console_select((CHAR16 *[]) {
	L"loader is still giving a security error",
	NULL
	}, (CHAR16 *[]) {
	L"Start HashTool",
	L"Exit",
	NULL
	}, 0);
	if (selection == 0)
	continue;
	}

	break;
	}
	out:
	status = security_policy_uninstall();
	if (status != EFI_SUCCESS)
	console_error(L"Failed to uninstall security policy. Platform needs rebooting", status);

	return status;
	override:
	status = execute(image, loader);

	if (status != EFI_SUCCESS) {
	CHAR16 buf[256];

	StrCpy(buf, L"Failed to start ");
	StrCat(buf, loader);
	console_error(buf, status);
	}

	return status;
	}