TianoCore EDK2 master
Loading...
Searching...
No Matches
EnrollFromDefaultKeysApp.c
Go to the documentation of this file.
1
10#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
11#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
12#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
13#include <Library/BaseLib.h> // GUID_STRING_LENGTH
14#include <Library/BaseMemoryLib.h> // CopyGuid()
15#include <Library/DebugLib.h> // ASSERT()
16#include <Library/MemoryAllocationLib.h> // FreePool()
17#include <Library/PrintLib.h> // AsciiSPrint()
18#include <Library/UefiBootServicesTableLib.h> // gBS
19#include <Library/UefiLib.h> // AsciiPrint()
20#include <Library/UefiRuntimeServicesTableLib.h> // gRT
21#include <Uefi/UefiMultiPhase.h>
22#include <UefiSecureBoot.h>
23#include <Library/SecureBootVariableLib.h>
24#include <Library/SecureBootVariableProvisionLib.h>
25
34EFI_STATUS
35EFIAPI
36UefiMain (
37 IN EFI_HANDLE ImageHandle,
38 IN EFI_SYSTEM_TABLE *SystemTable
39 )
40{
41 EFI_STATUS Status;
42 UINT8 SetupMode;
43
44 Status = GetSetupMode (&SetupMode);
45 if (EFI_ERROR (Status)) {
46 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot get SetupMode variable: %r\n", Status);
47 return 1;
48 }
49
50 if (SetupMode == USER_MODE) {
51 AsciiPrint ("EnrollFromDefaultKeysApp: Skipped - USER_MODE\n");
52 return 1;
53 }
54
55 Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE);
56 if (EFI_ERROR (Status)) {
57 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot set CUSTOM_SECURE_BOOT_MODE: %r\n", Status);
58 return 1;
59 }
60
61 Status = EnrollDbFromDefault ();
62 if (EFI_ERROR (Status)) {
63 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll db: %r\n", Status);
64 goto error;
65 }
66
67 Status = EnrollDbxFromDefault ();
68 if (EFI_ERROR (Status)) {
69 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbt: %r\n", Status);
70 }
71
72 Status = EnrollDbtFromDefault ();
73 if (EFI_ERROR (Status)) {
74 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll dbx: %r\n", Status);
75 }
76
77 Status = EnrollKEKFromDefault ();
78 if (EFI_ERROR (Status)) {
79 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll KEK: %r\n", Status);
80 goto cleardbs;
81 }
82
83 Status = EnrollPKFromDefault ();
84 if (EFI_ERROR (Status)) {
85 AsciiPrint ("EnrollFromDefaultKeysApp: Cannot enroll PK: %r\n", Status);
86 goto clearKEK;
87 }
88
89 Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
90 if (EFI_ERROR (Status)) {
91 AsciiPrint (
92 "EnrollFromDefaultKeysApp: Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"
93 "Please do it manually, otherwise system can be easily compromised\n"
94 );
95 }
96
97 return 0;
98
99clearKEK:
100 DeleteKEK ();
101
102cleardbs:
103 DeleteDbt ();
104 DeleteDbx ();
105 DeleteDb ();
106
107error:
108 Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE);
109 if (EFI_ERROR (Status)) {
110 AsciiPrint (
111 "EnrollFromDefaultKeysApp: Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n"
112 "Please do it manually, otherwise system can be easily compromised\n"
113 );
114 }
115
116 return 1;
117}
UefiMain
EFI_STATUS EFIAPI UefiMain(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
Definition: EnrollFromDefaultKeysApp.c:36
IN
#define IN
Definition: Base.h:279
SetSecureBootMode
EFI_STATUS EFIAPI SetSecureBootMode(IN UINT8 SecureBootMode)
Definition: SecureBootVariableLib.c:391
GetSetupMode
EFI_STATUS EFIAPI GetSetupMode(OUT UINT8 *SetupMode)
Definition: SecureBootVariableLib.c:413
DeleteDbx
EFI_STATUS EFIAPI DeleteDbx(VOID)
Definition: SecureBootVariableLib.c:505
DeleteDb
EFI_STATUS EFIAPI DeleteDb(VOID)
Definition: SecureBootVariableLib.c:482
DeleteKEK
EFI_STATUS EFIAPI DeleteKEK(VOID)
Definition: SecureBootVariableLib.c:551
DeleteDbt
EFI_STATUS EFIAPI DeleteDbt(VOID)
Definition: SecureBootVariableLib.c:528
EnrollPKFromDefault
EFI_STATUS EFIAPI EnrollPKFromDefault(VOID)
Definition: SecureBootVariableProvisionLib.c:560
EnrollKEKFromDefault
EFI_STATUS EFIAPI EnrollKEKFromDefault(VOID)
Definition: SecureBootVariableProvisionLib.c:536
EnrollDbFromDefault
EFI_STATUS EFIAPI EnrollDbFromDefault(VOID)
Definition: SecureBootVariableProvisionLib.c:464
EnrollDbtFromDefault
EFI_STATUS EFIAPI EnrollDbtFromDefault(VOID)
Definition: SecureBootVariableProvisionLib.c:512
EnrollDbxFromDefault
EFI_STATUS EFIAPI EnrollDbxFromDefault(VOID)
Definition: SecureBootVariableProvisionLib.c:488
EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
EFI_HANDLE
VOID * EFI_HANDLE
Definition: UefiBaseType.h:33
AsciiPrint
UINTN EFIAPI AsciiPrint(IN CONST CHAR8 *Format,...)
Definition: UefiLibPrint.c:250
EFI_SYSTEM_TABLE
Definition: UefiSpec.h:2028