#include <common.h>
#include <efi_loader.h>
+#include <env.h>
#include <env_internal.h>
#include <hexdump.h>
#include <malloc.h>
#include <rtc.h>
#include <search.h>
+#include <uuid.h>
#include <crypto/pkcs7_parser.h>
+#include <linux/bitops.h>
#include <linux/compat.h>
#include <u-boot/crc.h>
EFI_MODE_DEPLOYED,
};
-const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
static bool efi_secure_boot;
-static int efi_secure_mode;
+static enum efi_secure_mode efi_secure_mode;
static u8 efi_vendor_keys;
#define READ_ONLY BIT(31)
+static efi_status_t efi_get_variable_common(u16 *variable_name,
+ const efi_guid_t *vendor,
+ u32 *attributes,
+ efi_uintn_t *data_size, void *data);
+
+static efi_status_t efi_set_variable_common(u16 *variable_name,
+ const efi_guid_t *vendor,
+ u32 attributes,
+ efi_uintn_t data_size,
+ const void *data,
+ bool ro_check);
+
/*
* Mapping between EFI variables and u-boot variables:
*
return str;
}
-static efi_status_t efi_set_variable_common(u16 *variable_name,
- const efi_guid_t *vendor,
- u32 attributes,
- efi_uintn_t data_size,
- const void *data,
- bool ro_check);
-
/**
* efi_set_secure_state - modify secure boot state variables
* @sec_boot: value of SecureBoot
* Those variables are *read-only* for users, efi_set_variable_common()
* is called here.
*
- * Return: EFI_SUCCESS on success, status code (negative) on error
+ * Return: status code
*/
static efi_status_t efi_transfer_secure_state(enum efi_secure_mode mode)
{
/**
* efi_init_secure_state - initialize secure boot state
*
- * Return: EFI_SUCCESS on success, status code (negative) on error
+ * Return: status code
*/
static efi_status_t efi_init_secure_state(void)
{
*/
size = 0;
- ret = EFI_CALL(efi_get_variable(L"PK", &efi_global_variable_guid,
- NULL, &size, NULL));
+ ret = efi_get_variable_common(L"PK", &efi_global_variable_guid,
+ NULL, &size, NULL);
if (ret == EFI_BUFFER_TOO_SMALL) {
if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
mode = EFI_MODE_USER;
* attributes and signed time will also be returned in @env_attr and @time,
* respectively.
*
- * Return: EFI_SUCCESS on success, status code (negative) on error
+ * Return: status code
*/
static efi_status_t efi_variable_authenticate(u16 *variable,
const efi_guid_t *vendor,
var_sig = efi_variable_parse_signature(auth->auth_info.cert_data,
auth->auth_info.hdr.dwLength
- sizeof(auth->auth_info));
- if (IS_ERR(var_sig)) {
+ if (!var_sig) {
debug("Parsing variable's signature failed\n");
- var_sig = NULL;
goto err;
}
}
#endif /* CONFIG_EFI_SECURE_BOOT */
-static
-efi_status_t EFIAPI efi_get_variable_common(u16 *variable_name,
+static efi_status_t efi_get_variable_common(u16 *variable_name,
const efi_guid_t *vendor,
u32 *attributes,
efi_uintn_t *data_size, void *data)
/* guid */
c = *(name - 1);
*(name - 1) = '\0'; /* guid need be null-terminated here */
- uuid_str_to_bin(guid, (unsigned char *)vendor, UUID_STR_FORMAT_GUID);
+ if (uuid_str_to_bin(guid, (unsigned char *)vendor,
+ UUID_STR_FORMAT_GUID))
+ /* The only error would be EINVAL. */
+ return EFI_INVALID_PARAMETER;
*(name - 1) = c;
/* attributes */
u32 attr;
efi_status_t ret = EFI_SUCCESS;
- debug("%s: set '%s'\n", __func__, native_name);
-
if (!variable_name || !*variable_name || !vendor ||
((attributes & EFI_VARIABLE_RUNTIME_ACCESS) &&
!(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS))) {
/* check if a variable exists */
old_size = 0;
attr = 0;
- ret = EFI_CALL(efi_get_variable(variable_name, vendor, &attr,
- &old_size, NULL));
+ ret = efi_get_variable_common(variable_name, vendor, &attr,
+ &old_size, NULL);
append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
delete = !append && (!data_size || !attributes);
if (append) {
old_data = malloc(old_size);
if (!old_data) {
- return EFI_OUT_OF_RESOURCES;
+ ret = EFI_OUT_OF_RESOURCES;
goto err;
}
- ret = EFI_CALL(efi_get_variable(variable_name, vendor,
- &attr, &old_size, old_data));
+ ret = efi_get_variable_common(variable_name, vendor,
+ &attr, &old_size, old_data);
if (ret != EFI_SUCCESS)
goto err;
} else {
projects / oweals / u-boot.git / blobdiff