print secure boot flags

author: Kay Sievers <kay@vrfy.org> 2013-03-10 20:37:19 +0100
committer: Kay Sievers <kay@vrfy.org> 2013-03-10 20:37:19 +0100
commit: 6da1b92232a02b7687be36058c00b4142bb59697 (patch)
tree: dd2e3356f175b6c0a68dcd26eb716215bf3cb6c0 /src
parent: a8608d9c8011242bf970c673ad51dd73377d2df1 (diff)
4 files changed, 31 insertions, 16 deletions
diff --git a/src/efi/gummiboot.c b/src/efi/gummiboot.c
index 1f0838b..1e2e1c2 100644
--- a/src/efi/gummiboot.c
+++ b/src/efi/gummiboot.c
@@ -474,12 +474,13 @@ static VOID dump_status(Config *config, CHAR16 *loaded_image_path) {
         if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS) {
                 Print(L"SecureBoot:             %s\n", *b > 0 ? L"enabled" : L"disabled");
                 FreePool(b);
+        }
 
-                if (efivar_get_raw(&global_guid, L"SetupMode", &b, &size) == EFI_SUCCESS) {
-                        Print(L"SetupMode:              %s\n", *b > 0 ? L"enabled" : L"disabled");
-                        FreePool(b);
-                }
+        if (efivar_get_raw(&global_guid, L"SetupMode", &b, &size) == EFI_SUCCESS) {
+                Print(L"SetupMode:              %s\n", *b > 0 ? L"enabled" : L"disabled");
+                FreePool(b);
         }
+
         if (efivar_get_raw(&global_guid, L"OsIndicationsSupported", &b, &size) == EFI_SUCCESS) {
                 Print(L"OsIndicationsSupported: %d\n", (UINT64)*b);
                 FreePool(b);
diff --git a/src/setup/efivars.c b/src/setup/efivars.c
index 783ecc8..2c1914d 100644
--- a/src/setup/efivars.c
+++ b/src/setup/efivars.c
@@ -38,13 +38,13 @@ bool is_efi_boot(void) {
         return access("/sys/firmware/efi", F_OK) >= 0;
 }
 
-int is_efi_secure_boot(void) {
+int read_flag(const char *varname) {
         int r;
         void *v;
         size_t s;
         uint8_t b;
 
-        r = efi_get_variable(EFI_VENDOR_GLOBAL, "SecureBoot", &v, &s);
+        r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, &v, &s);
         if (r < 0)
                 return r;
 
@@ -60,6 +60,14 @@ finish:
         return r;
 }
 
+int is_efi_secure_boot(void) {
+        return read_flag("SecureBoot");
+}
+
+int is_efi_secure_boot_setup_mode(void) {
+        return read_flag("SetupMode");
+}
+
 int efi_get_variable(
                 const uint8_t vendor[16],
                 const char *name,
diff --git a/src/setup/efivars.h b/src/setup/efivars.h
index 97cb3d5..1ce1e0c 100644
--- a/src/setup/efivars.h
+++ b/src/setup/efivars.h
@@ -34,6 +34,7 @@
 
 bool is_efi_boot(void);
 int is_efi_secure_boot(void);
+int is_efi_secure_boot_setup_mode(void);
 int efi_get_variable(const uint8_t vendor[16], const char *name, void **value, size_t *size);
 int efi_set_variable( const uint8_t vendor[16], const char *name, const void *value, size_t size);
 int efi_get_variable_string(const uint8_t vendor[16], const char *name, char **p);
diff --git a/src/setup/setup.c b/src/setup/setup.c
index 865afce..77c49f6 100644
--- a/src/setup/setup.c
+++ b/src/setup/setup.c
@@ -408,11 +408,11 @@ static int print_efi_option(uint16_t id) {
                 goto finish;
         }
 
-        printf("      Title: %s\n", strna(title));
-        printf("     Number: %04X\n", id);
+        printf("        Title: %s\n", strna(title));
+        printf("       Number: %04X\n", id);
         if (path) {
-                 printf("     Binary: %s\n", path);
-                 printf("  Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+                 printf("       Binary: %s\n", path);
+                 printf("    Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
                         partition[0], partition[1], partition[2], partition[3], partition[4], partition[5], partition[6], partition[7],
                         partition[8], partition[9], partition[10], partition[11], partition[12], partition[13], partition[14], partition[15]);
         }
@@ -438,21 +438,30 @@ static int status_variables(void) {
         r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderFirmwareType", &s);
         if (r == 0) {
                 char *s2 = NULL;
+                int flag;
 
                 printf("Firmware Information:\n");
 
                 efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderFirmwareInfo", &s2);
-                printf("   Firmware: %s (%s)\n", s, s2);
+                printf("     Firmware: %s (%s)\n", s, s2);
                 free(s2);
                 free(s);
 
                 r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderImageIdentifier", &s);
                 if (r == 0) {
                         tilt_backslashes(s);
-                        printf("     Loader: %s\n", s);
+                        printf("       Loader: %s\n", s);
                         free(s);
                 }
 
+                flag = is_efi_secure_boot();
+                if (flag >= 0)
+                        printf("  Secure Boot: %s\n", is_efi_secure_boot() ? "enabled" : "disabled");
+
+                flag = is_efi_secure_boot_setup_mode();
+                if (flag >= 0)
+                        printf("   Setup Mode: %s\n", is_efi_secure_boot() ? "enabled" : "disabled");
+
                 printf("\n");
         }
 
@@ -1024,10 +1033,6 @@ static int install_variables(const char *esp_path,
                 fprintf(stderr, "Created EFI boot entry \"Linux Boot Manager\".\n");
         }
 
-        if (first && is_efi_secure_boot() > 0) {
-                fprintf(stderr, "EFI Secure Boot is active, entry added to the end of the boot order list.\n");
-                first = false;
-        }
         insert_into_order(slot, first);
 
 finish:
author	Kay Sievers <kay@vrfy.org>	2013-03-10 20:37:19 +0100
committer	Kay Sievers <kay@vrfy.org>	2013-03-10 20:37:19 +0100
commit	6da1b92232a02b7687be36058c00b4142bb59697 (patch)
tree	dd2e3356f175b6c0a68dcd26eb716215bf3cb6c0 /src
parent	a8608d9c8011242bf970c673ad51dd73377d2df1 (diff)