According to the UEFI specification, the platform is operating in secure boot mode if SetupMode is 0 and SecureBoot is 1, and cannot operate in secure boot mode if SetupMode is set to 1. Check the value of SetupMode when determining the state of Secure Boot.
Signed-off-by: Linn Crosetto <[email protected]> --- drivers/firmware/efi/libstub/arm-stub.c | 34 +++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index 3397902..7ef2e20 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c +++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -20,26 +20,36 @@ static int efi_secureboot_enabled(efi_system_table_t *sys_table_arg) { - static efi_guid_t const var_guid = EFI_GLOBAL_VARIABLE_GUID; - static efi_char16_t const var_name[] = { + static efi_char16_t const sb_var_name[] = { 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 }; + static efi_char16_t const sm_var_name[] = { + 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 }; + efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable; - unsigned long size = sizeof(u8); - efi_status_t status; u8 val; + unsigned long size = sizeof(val); + efi_status_t status; - status = f_getvar((efi_char16_t *)var_name, (efi_guid_t *)&var_guid, + status = f_getvar((efi_char16_t *)sb_var_name, (efi_guid_t *)&var_guid, NULL, &size, &val); - switch (status) { - case EFI_SUCCESS: - return val; - case EFI_NOT_FOUND: + if (status != EFI_SUCCESS) return 0; - default: - return 1; - } + + if (val == 0) + return 0; + + status = f_getvar((efi_char16_t *)sm_var_name, (efi_guid_t *)&var_guid, + NULL, &size, &val); + + if (status != EFI_SUCCESS) + return 0; + + if (val == 1) + return 0; + + return 1; } efi_status_t efi_open_volume(efi_system_table_t *sys_table_arg, -- 2.1.4
