/** @file
This driver initializes the default Secure Boot variables.
Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
Copyright (c) 2021, Semihalf All rights reserved.<BR>
Copyright (c) 2021, Ampere Computing LLC. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/ImageAuthentication.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <UefiSecureBoot.h>
#include <Library/SecureBootVariableLib.h>
#include <Library/SecureBootVariableProvisionLib.h>
/**
  Driver entry point: creates the default Secure Boot key variables.

  The defaults are initialized in a fixed order: PKDefault, KEKDefault,
  dbDefault, dbtDefault, dbxDefault. A failure on PKDefault, KEKDefault or
  dbDefault is logged at DEBUG_ERROR level and returned immediately, so the
  later defaults are not attempted. For dbtDefault and dbxDefault the status
  EFI_NOT_FOUND is tolerated: it is logged at DEBUG_INFO level and
  initialization continues.

  NOTE(review): a missing dbxDefault still ends in EFI_SUCCESS, so a platform
  that ships no default revocation list is visible only in the DEBUG_INFO log.
  Confirm the platform provides one where a default dbx is expected.

  @param[in]  ImageHandle    The image handle of the driver (not used here).
  @param[in]  SystemTable    The system table (not used here).

  @retval EFI_SUCCESS        The secure default keys are initialized successfully.
  @retval EFI_UNSUPPORTED    One of the secure default keys already exists.
  @retval EFI_NOT_FOUND      One of the PK, KEK, or DB default keys is not found.
  @retval Others             Fail to initialize the secure default keys. The
                             status of the failing helper is returned unchanged.

**/
EFI_STATUS
EFIAPI
SecureBootDefaultKeysEntryPoint (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  InitStatus;

  //
  // Mandatory defaults: any error, including EFI_NOT_FOUND, aborts the driver.
  //
  InitStatus = SecureBootInitPKDefault ();
  if (EFI_ERROR (InitStatus)) {
    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, InitStatus));
    return InitStatus;
  }

  InitStatus = SecureBootInitKEKDefault ();
  if (EFI_ERROR (InitStatus)) {
    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, InitStatus));
    return InitStatus;
  }

  InitStatus = SecureBootInitDbDefault ();
  if (EFI_ERROR (InitStatus)) {
    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __func__, InitStatus));
    return InitStatus;
  }

  //
  // Optional default: every error except EFI_NOT_FOUND is fatal; a missing
  // dbtDefault is only reported.
  //
  InitStatus = SecureBootInitDbtDefault ();
  if ((InitStatus != EFI_NOT_FOUND) && EFI_ERROR (InitStatus)) {
    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbtDefault: %r\n", __func__, InitStatus));
    return InitStatus;
  }

  if (InitStatus == EFI_NOT_FOUND) {
    DEBUG ((DEBUG_INFO, "%a: dbtDefault not initialized\n", __func__));
  }

  //
  // Optional default: same policy as dbtDefault. The EFI_NOT_FOUND status is
  // not propagated; the function still returns EFI_SUCCESS below.
  //
  InitStatus = SecureBootInitDbxDefault ();
  if ((InitStatus != EFI_NOT_FOUND) && EFI_ERROR (InitStatus)) {
    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __func__, InitStatus));
    return InitStatus;
  }

  if (InitStatus == EFI_NOT_FOUND) {
    DEBUG ((DEBUG_INFO, "%a: dbxDefault not initialized\n", __func__));
  }

  return EFI_SUCCESS;
}