#include <common.h>
#include <efi_loader.h>
+#include <env.h>
#include <env_internal.h>
#include <hexdump.h>
#include <malloc.h>
#include <rtc.h>
#include <search.h>
+#include <uuid.h>
#include <crypto/pkcs7_parser.h>
+#include <linux/bitops.h>
#include <linux/compat.h>
#include <u-boot/crc.h>
EFI_MODE_DEPLOYED,
};
-const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
static bool efi_secure_boot;
-static int efi_secure_mode;
+static enum efi_secure_mode efi_secure_mode;
static u8 efi_vendor_keys;
#define READ_ONLY BIT(31)
/**
* efi_set_secure_state - modify secure boot state variables
- * @sec_boot: value of SecureBoot
+ * @secure_boot: value of SecureBoot
* @setup_mode: value of SetupMode
* @audit_mode: value of AuditMode
* @deployed_mode: value of DeployedMode
*
- * Modify secure boot stat-related variables as indicated.
+ * Modify secure boot status related variables as indicated.
*
* Return: status code
*/
-static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
- int audit_mode, int deployed_mode)
+static efi_status_t efi_set_secure_state(u8 secure_boot, u8 setup_mode,
+ u8 audit_mode, u8 deployed_mode)
{
u32 attributes;
efi_status_t ret;
EFI_VARIABLE_RUNTIME_ACCESS |
READ_ONLY;
ret = efi_set_variable_common(L"SecureBoot", &efi_global_variable_guid,
- attributes, sizeof(sec_boot), &sec_boot,
- false);
+ attributes, sizeof(secure_boot),
+ &secure_boot, false);
if (ret != EFI_SUCCESS)
goto err;
var_sig = efi_variable_parse_signature(auth->auth_info.cert_data,
auth->auth_info.hdr.dwLength
- sizeof(auth->auth_info));
- if (IS_ERR(var_sig)) {
+ if (!var_sig) {
debug("Parsing variable's signature failed\n");
- var_sig = NULL;
goto err;
}
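Review bot: The length argument `auth->auth_info.hdr.dwLength - sizeof(auth->auth_info)` is an unsigned subtraction that wraps to a very large value when `dwLength` is smaller than the header, and `dwLength` appears to come from the authentication descriptor supplied with the variable data. No lower-bound check is visible in this hunk; unless the part of the function above it already has one, add `if (auth->auth_info.hdr.dwLength < sizeof(auth->auth_info)) goto err;` before the call. The switch from `IS_ERR(var_sig)` to `!var_sig` is only safe if efi_variable_parse_signature() returns NULL on every failure path, which should be confirmed against its definition. The enclosing function starts and ends outside the hunk.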
/* guid */
c = *(name - 1);
*(name - 1) = '\0'; /* guid need be null-terminated here */
- uuid_str_to_bin(guid, (unsigned char *)vendor, UUID_STR_FORMAT_GUID);
+ if (uuid_str_to_bin(guid, (unsigned char *)vendor,
+ UUID_STR_FORMAT_GUID))
+ /* The only error would be EINVAL. */
+ return EFI_INVALID_PARAMETER;
*(name - 1) = c;
/* attributes */
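Review bot: The new early return on a uuid_str_to_bin() failure leaves the input string modified, because `*(name - 1) = c;` is skipped and the byte overwritten with `'\0'` two lines earlier is never restored. Restore the separator before acting on the result: keep the return value in a local, run `*(name - 1) = c;`, and only then `return EFI_INVALID_PARAMETER;` if the stored value is non-zero. If the buffer belongs to the environment store, as the surrounding code suggests, a malformed GUID would otherwise leave that entry truncated for later readers. The function body starts and ends outside the hunk.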
u32 attr;
efi_status_t ret = EFI_SUCCESS;
- debug("%s: set '%s'\n", __func__, native_name);
-
if (!variable_name || !*variable_name || !vendor ||
((attributes & EFI_VARIABLE_RUNTIME_ACCESS) &&
!(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS))) {