Upstream
/
CloverBootloader
mirror of https://github.com/CloverHackyColor/CloverBootloader.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Try to compile secure boot. Error in some openssl asm instructions.

This commit is contained in:
jief666 2021-05-09 17:13:37 +03:00
parent 2eb35b700d
commit 0b0667997a
28 changed files with 229 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Include/Library/printf_lite-conf.h
View File

@ -38,7 +38,7 @@ extern "C" {
// 2020-03 : On Gcc 9.2 and Clang (Apple LLVM version 10.0.0), size_t is not builtin, but __SIZE_TYPE__ is
typedef __SIZE_TYPE__ size_t;
//typedef long int ssize_t; // no __SSIZE_TYPE__. We don't use ssize_t in CLover. Let's try to keep it that way.
//typedef long int ssize_t; // no __SSIZE_TYPE__. We don't use ssize_t in Clover. Let's try to keep it that way.
#endif

22
Library/OpensslLib/Include/OpenSslSupport.h
View File

@ -15,6 +15,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef __OPEN_SSL_SUPPORT_H__
#define __OPEN_SSL_SUPPORT_H__
#ifdef __cplusplus
extern "C" {
#endif
#include <Base.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
@ -37,10 +42,10 @@ typedef VOID *FILE;
#define va_end __builtin_va_end
#define va_arg __builtin_va_arg
#else
#define va_list VA_LIST
#define va_arg VA_ARG
#define va_start VA_START
#define va_end VA_END
//#define va_list VA_LIST
//#define va_arg VA_ARG
//#define va_start VA_START
//#define va_end VA_END
#endif
#else // __CC_ARM
#define va_start(Marker, Parameter) __va_start(Marker, Parameter)
@ -84,7 +89,7 @@ typedef VOID *FILE;
//
// Basic types from EFI Application Toolkit required to buiild Open SSL
//
typedef UINTN size_t;
typedef __SIZE_TYPE__ size_t;
typedef INTN ssize_t;
typedef INT64 off_t;
typedef UINT16 mode_t;
@ -244,8 +249,13 @@ extern FILE *stdout;
#define strcat(strDest,strSource) AsciiStrCatS(strDest,AsciiStrLen(strDest)+1,strSource)
#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
#define abort() ASSERT (FALSE)
#define assert(expression)
//#define assert(expression)
#define localtime(timer) NULL
#define gmtime_r(timer,result) (result = NULL)
#ifdef __cplusplus
}
#endif
#endif

2
Library/OpensslLib/SysCall/BaseMemAllocation.c
View File

@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <OpenSslSupport.h>
#include "../Include/OpenSslSupport.h"
//
// -- Memory-Allocation Routines --

2
Library/OpensslLib/SysCall/CrtWrapper.c
View File

@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <OpenSslSupport.h>
#include "../Include/OpenSslSupport.h"
/* AnV - malloc + free fix */
#include <Library/MemoryAllocationLib.h>

4
Library/OpensslLib/SysCall/TimerWrapper.c
View File

@ -14,9 +14,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <Uefi.h>
#include <OpenSslSupport.h>
#include "../Include/OpenSslSupport.h"
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/MemoryAllocationLib.h>
/* AnV - fix for malloc */
#undef malloc

25
Library/OpensslLib/openssl-1.0.1e/OpensslLib.dec Normal file
View File

@ -0,0 +1,25 @@
## @file MdePkg.dec
# This Package provides all definitions, library classes and libraries instances.
#
# It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of
# EFI1.10/UEFI2.7/PI1.7 and some Industry Standards.
#
# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
DEC_SPECIFICATION = 0x00010005
PACKAGE_NAME = Openssl
PACKAGE_GUID = A303B781-8C0D-432F-849E-B36B6CCDBE55
PACKAGE_VERSION = 1
[Includes]
../Include
include

1
Library/OpensslLib/openssl-1.0.1e/OpensslLib.inf
View File

@ -26,6 +26,7 @@
MdePkg/MdePkg.dec
CloverPkg.dec
#CryptoPkg/CryptoPkg.dec
Library/OpensslLib/openssl-1.0.1e/OpensslLib.dec
#
# OPENSSL_FLAGS is set to define the following flags to be compatible with

3
Xcode/CloverX64/CloverX64.xcodeproj/project.pbxproj
View File

@ -3259,6 +3259,7 @@
NO_MSABI_VA_FUNCS,
DISABLE_PRINTLIB,
OC_TARGET_NOOPT,
DISABLE_SECURE_BOOT,
);
GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
GCC_WARN_ABOUT_RETURN_TYPE = YES;
@ -3288,6 +3289,7 @@
$PROJECT_DIR/../../OpenCorePkg/Include/Acidanthera,
$PROJECT_DIR/../../OpenCorePkg/Include/AMI,
$PROJECT_DIR/../../OpenCorePkg/Include/Intel,
$PROJECT_DIR/../../Library/OpensslLib/Include,
);
ONLY_ACTIVE_ARCH = YES;
OTHER_CFLAGS = (
@ -3380,6 +3382,7 @@
$PROJECT_DIR/../../OpenCorePkg/Include/Acidanthera,
$PROJECT_DIR/../../OpenCorePkg/Include/AMI,
$PROJECT_DIR/../../OpenCorePkg/Include/Intel,
$PROJECT_DIR/../../Library/OpensslLib/Include,
);
ONLY_ACTIVE_ARCH = YES;
OTHER_CFLAGS = (

8
rEFIt_UEFI/PlatformEFI/posix/posix.h
View File

@ -24,8 +24,8 @@
// originally from OpensslLib
//#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))
#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
//#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
//#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
//#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))
//#define strcmp AsciiStrCmp
//#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
@ -33,8 +33,8 @@
//#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,(UINTN)count+1,strSource,(UINTN)count)
//#define strlen(str) (size_t)(AsciiStrLen(str))
//#define strcat(strDest,strSource) AsciiStrCatS(strDest,AsciiStrLen(strDest)+1,strSource)
#define strchr(str,ch) ScanMem8((void *)(str),AsciiStrSize(str),(UINT8)ch)
#define strstr(a,b) AsciiStrStr(a,b)
//#define strchr(str,ch) ScanMem8((void *)(str),AsciiStrSize(str),(UINT8)ch)
//#define strstr(a,b) AsciiStrStr(a,b)
#ifdef __cplusplus

11
rEFIt_UEFI/PlatformEFI/posix/stdint.h
View File

@ -1,16 +1,23 @@
#ifndef __CLOVER_STDINT_H__
#define __CLOVER_STDINT_H__
// Currently only compiling 64 bits.
// If compiling for other size, #ifdef the static_assert depending of the platform and adjust constant (INT_MIN, INT_MAX)
#ifdef __cplusplus
static_assert(sizeof(int) != 8, "sizeof(int) != 8");
#endif
#define INT8_MIN (-128)
#define INT8_MIN (-128)
#define INT16_MIN (-32768)
#define INT32_MIN (-2147483647 - 1)
#define INT64_MIN (-9223372036854775807LL - 1)
#define INT64_MIN (-9223372036854775807LL - 1)
#define INT_MIN INT64_MIN
#define INT8_MAX 127
#define INT16_MAX 32767
#define INT32_MAX 2147483647
#define INT64_MAX 9223372036854775807LL
#define INT_MAX INT64_MAX
#define UINT8_MAX 0xff /* 255U */
#define UINT16_MAX 0xffff /* 65535U */

15
rEFIt_UEFI/PlatformEFI/posix/stdlib.h
View File

@ -19,23 +19,24 @@ extern "C" {
void abort(void);
#ifdef __cplusplus
}
#endif
inline void* malloc(size_t size)
{
return AllocatePool(size);
return AllocatePool(size);
}
inline void* reallocWithOldSize(void *ptr, size_t newsize, size_t oldsize) // not the posix realloc. For EFI we need oldsize
{
return ReallocatePool(oldsize, newsize, ptr);
return ReallocatePool(oldsize, newsize, ptr);
}
inline void free(void *ptr)
{
FreePool(ptr);
FreePool(ptr);
}
#ifdef __cplusplus
}
#endif
#endif

20
rEFIt_UEFI/PlatformEFI/posix/string.cpp
View File

@ -154,5 +154,25 @@ strncmp(const char *s1, const char *s2, size_t n)
// return 0;
//}
int memcmp(const void *s1, const void *s2, size_t n)
{
if ( n > MAX_UINTN ) {
log_technical_bug("n > MAX_UINTN");
}
UINTN ret = CompareMem(s1,s2,(UINTN)(n));
if ( ret < INT_MIN ) {
log_technical_bug("n > ret > MAX_INT");
}
if ( ret > INT_MAX ) {
log_technical_bug("n > ret > MAX_INT");
}
return (int)ret;
}
char* strstr(const char *haystack, const char *needle)
{
return AsciiStrStr(haystack,needle);
}
#endif

4
rEFIt_UEFI/PlatformEFI/posix/string.h
View File

@ -29,6 +29,8 @@ void* memcpy(void *dst, const void *src, size_t len);
// return CopyMem(dst,src,len);
//}
int memcmp(const void *s1, const void *s2, size_t n);
size_t strlen(const char *str);
inline char* strcat(char* s1, const char* s2)
@ -71,6 +73,8 @@ extern void* memset(void *b, int c, size_t len); // memset is defined in cpp_uti
//}
//
char* strstr(const char *haystack, const char *needle);
#ifdef __cplusplus
}
#endif

2
rEFIt_UEFI/Settings/ConfigManager.cpp
View File

@ -23,6 +23,8 @@
#include "../Platform/hda.h"
#include "../include/Net.h"
#include "../entry_scan/secureboot.h"
#ifndef DEBUG_ALL
#define DEBUG_CONFIGMANAGER 1

1
rEFIt_UEFI/Settings/ConfigPlist/ConfigPlistClass.h
View File

@ -20,6 +20,7 @@
#include "../../entry_scan/loader.h" // for KERNEL_SCAN_xxx constants
#include <IndustryStandard/SmBios.h> // for Smbios memory type
#include "../../Platform/guid.h"
#include "../../entry_scan/secureboot.h"
extern "C" {
#include <Protocol/GraphicsOutput.h>
}

7
rEFIt_UEFI/Settings/ConfigPlist/Config_Boot.h
View File

@ -14,14 +14,7 @@
#include "../../cpp_lib/XmlLiteParser.h"
#include "../../include/BootTypes.h"
#ifndef UNIT_TESTS_MACOS
/* This is interdependency. This is just for now to be compatible with SETTINGS_DATA. Refactoring in progress. */
//#include "../../libeg/XImage.h"
//#include "../../refit/lib.h"
//#include "../../Platform/Self.h"
#endif
#include "../../entry_scan/secureboot.h"
class Boot_Class : public XmlDict
{

14
rEFIt_UEFI/cpp_unit_test/xml_lite-test.cpp
View File

@ -514,7 +514,7 @@ int documentation_test1()
{"KeyNameForInt32", anInt32},
};
virtual void getFields(XmlDictField** fields, size_t* nb) override { *fields = m_fields; *nb = sizeof(m_fields)/sizeof(m_fields[0]); };
} MyDict;
} MyDict = MyDictClass();
const char* config_test = R"V0G0N(
@ -567,7 +567,7 @@ int documentation_test2()
{"KeyNameForInsideDict", inside1},
};
virtual void getFields(XmlDictField** fields, size_t* nb) override { *fields = m_fields; *nb = sizeof(m_fields)/sizeof(m_fields[0]); };
} MyDict;
} MyDict = MyTopLevelDictClass();
const char* config_test = R"V0G0N(
<?xml version="1.0" encoding="UTF-8"?>
@ -623,7 +623,7 @@ int documentation_test3()
{"Count", Count},
};
virtual void getFields(XmlDictField** fields, size_t* nb) override { *fields = m_fields; *nb = sizeof(m_fields)/sizeof(m_fields[0]); };
} MyDict;
} MyDict = MyPlist();
const char* config_test = R"V0G0N(
@ -706,7 +706,7 @@ int documentation_test4()
}
return true;
}
} MyDict;
} MyDict = MyPlist();
const char* config_test = R"V0G0N(
@ -775,7 +775,7 @@ int documentation_test5()
}
return true;
}
} MyDict;
} MyDict = MyPlist();
const char* config_test = R"V0G0N(
@ -812,7 +812,7 @@ int documentation_test6()
{"KeyNameForBoolArray", aBoolArray},
};
virtual void getFields(XmlDictField** fields, size_t* nb) override { *fields = m_fields; *nb = sizeof(m_fields)/sizeof(m_fields[0]); };
} MyDict;
} MyDict = MyDictClass();
const char* config_test = R"V0G0N(
<?xml version="1.0" encoding="UTF-8"?>
@ -850,7 +850,7 @@ int documentation_test7()
{"KeyNameForKeyIntPairs", keyIntPairs},
};
virtual void getFields(XmlDictField** fields, size_t* nb) override { *fields = m_fields; *nb = sizeof(m_fields)/sizeof(m_fields[0]); };
} MyDict;
} MyDict = MyDictClass();
const char* config_test = R"V0G0N(
<?xml version="1.0" encoding="UTF-8"?>

2
rEFIt_UEFI/entry_scan/common.cpp
View File

@ -385,7 +385,7 @@ BOOLEAN AskUserForFilePathFromDir(const CHAR16 *Title OPTIONAL, IN REFIT_VOLUME
// { 0, 0, 0, 0 }, NULL};
//STATIC REFIT_MENU_SCREEN InitialMenu(0, L"Please Select File..."_XSW, XStringW());
// Ask user for file path from volumes menu
BOOLEAN AskUserForFilePathFromVolumes(IN CHAR16 *Title OPTIONAL, OUT EFI_DEVICE_PATH_PROTOCOL **Result)
BOOLEAN AskUserForFilePathFromVolumes(const CHAR16 *Title OPTIONAL, OUT EFI_DEVICE_PATH_PROTOCOL **Result)
{
REFIT_MENU_SCREEN Menu(0, L"Please Select File..."_XSW, XStringW());
UINTN Index = 0, /*Count = 0,*/ MenuExit;

17
rEFIt_UEFI/entry_scan/entry_scan.h
View File

@ -52,7 +52,7 @@ BOOLEAN AskUserForFilePathFromDir(const CHAR16 *Title OPTIONAL, IN REFIT_VOLUME
const CHAR16 *ParentPath, const EFI_FILE *Dir,
OUT EFI_DEVICE_PATH_PROTOCOL **Result);
// Ask user for file path from volumes menu
BOOLEAN AskUserForFilePathFromVolumes(IN CHAR16 *Title OPTIONAL, OUT EFI_DEVICE_PATH_PROTOCOL **Result);
BOOLEAN AskUserForFilePathFromVolumes(const CHAR16 *Title OPTIONAL, OUT EFI_DEVICE_PATH_PROTOCOL **Result);
// Ask user for file path
BOOLEAN AskUserForFilePath(IN CHAR16 *Title OPTIONAL, IN EFI_DEVICE_PATH_PROTOCOL *Root OPTIONAL, OUT EFI_DEVICE_PATH_PROTOCOL **Result);
@ -93,7 +93,6 @@ EFI_STATUS UnlockBootScreen(void);
#define DEFAULT_UNAUTHORIZED_DATABASE_GUID gEfiGlobalVariableGuid
void AddSecureBootTool(void);
void InitializeSecureBoot(void);
EFI_STATUS InstallSecureBoot(void);
void UninstallSecureBoot(void);
void EnableSecureBoot(void);
@ -108,13 +107,13 @@ EFI_STATUS EnrollSecureBootKeys(IN void *AuthorizedDatabase,
EFI_STATUS ClearSecureBootKeys(void);
// secure boot database
void *GetSignatureDatabase(IN CHAR16 *DatabaseName,
IN EFI_GUID *DatabaseGuid,
OUT UINTN *DatabaseSize);
EFI_STATUS SetSignatureDatabase(IN CHAR16 *DatabaseName,
IN EFI_GUID *DatabaseGuid,
IN void *Database,
IN UINTN DatabaseSize);
void *GetSignatureDatabase(const wchar_t* DatabaseName,
IN EFI_GUID * DatabaseGuid,
OUT UINTN * DatabaseSize);
EFI_STATUS SetSignatureDatabase(const wchar_t* DatabaseName,
IN EFI_GUID * DatabaseGuid,
IN void * Database,
IN UINTN DatabaseSize);
// secure boot authorized database
void *GetAuthorizedDatabase(UINTN *DatabaseSize);

42
rEFIt_UEFI/entry_scan/secureboot.cpp
View File

@ -70,7 +70,7 @@ void EnableSecureBoot(void)
UINTN CloverSignatureSize = 0;
void *CloverSignature = NULL;
// Check in setup mode
if (gSettings.Boot.SecureBoot || !gSettings.Boot.SecureBootSetupMode) {
if (GlobalConfig.SecureBoot || !GlobalConfig.SecureBootSetupMode) {
return;
}
// Ask user if they want to use default keys
@ -80,7 +80,7 @@ void EnableSecureBoot(void)
UINT32 AuthenticationStatus = 0;
UINTN FileSize = 0;
// Open the file buffer
void *FileBuffer = GetFileBufferByFilePath(FALSE, &self.getCloverDirFullPath(), &FileSize, &AuthenticationStatus);
void *FileBuffer = GetFileBufferByFilePath(FALSE, &self.getCloverDirFullDevicePath(), &FileSize, &AuthenticationStatus);
if (FileBuffer != NULL) {
if (FileSize > 0) {
// Retrieve the certificates
@ -99,7 +99,7 @@ void EnableSecureBoot(void)
}
// Check and alert about image not found
if ((FileBuffer == NULL) || (FileSize == 0)) {
XStringW FilePath = FileDevicePathToXStringW(&self.getCloverDirFullPath());
XStringW FilePath = FileDevicePathToXStringW(&self.getCloverDirFullDevicePath());
if (FilePath.notEmpty()) {
DBG("Failed to load Clover image from %ls\n", FilePath.wc_str());
} else {
@ -154,25 +154,25 @@ CONST CHAR16 *SecureBootPolicyToStr(IN UINTN Policy)
STATIC void PrintSecureBootInfo(void)
{
// Nothing to do if secure boot is disabled or in setup mode
if (!gSettings.Boot.SecureBoot) {
DBG("Secure Boot: %s\n", (gSettings.Boot.SecureBootSetupMode ? "Setup" : "Disabled"));
if (!GlobalConfig.SecureBoot) {
DBG("Secure Boot: %s\n", (GlobalConfig.SecureBootSetupMode ? "Setup" : "Disabled"));
} else {
// Secure boot is enabled
DBG("Secure Boot: %s\n", (gSettings.Boot.SecureBootSetupMode ? "Forced" : "Enabled"));
DBG("Secure Boot: %s\n", (GlobalConfig.SecureBootSetupMode ? "Forced" : "Enabled"));
DBG("Boot Policy: %ls\n", SecureBootPolicyToStr(gSettings.Boot.SecureBootPolicy));
}
}
// Alert message for disable failure
STATIC void DisableMessage(IN EFI_STATUS Status,
IN CHAR16 *String,
IN CHAR16 *ErrorString)
STATIC void DisableMessage(const EFI_STATUS Status,
const CHAR16 *String,
const CHAR16 *ErrorString)
{
XStringW Str;
if (ErrorString != NULL) {
Str = SWPrintf("%ls\n%ls\n%ls", String, ErrorString, efiStrError(Status));
Str = SWPrintf("%ls\n%ls\n%s", String, ErrorString, efiStrError(Status));
} else {
Str = SWPrintf("%s\n%s", String, efiStrError(Status));
Str = SWPrintf("%ls\n%s", String, efiStrError(Status));
}
DBG("Secure Boot: %ls", Str.wc_str());
AlertMessage(L"Disable Secure Boot"_XSW, Str);
@ -182,9 +182,9 @@ STATIC void DisableMessage(IN EFI_STATUS Status,
void DisableSecureBoot(void)
{
EFI_STATUS Status;
CHAR16 *ErrorString = NULL;
const CHAR16 *ErrorString = NULL;
// Check in user mode
if (gSettings.Boot.SecureBootSetupMode || !gSettings.Boot.SecureBoot) {
if (GlobalConfig.SecureBootSetupMode || !GlobalConfig.SecureBoot) {
return;
}
UninstallSecureBoot();
@ -317,7 +317,7 @@ CheckSecureBootPolicy(IN OUT EFI_STATUS *AuthenticationStatu
case SECURE_BOOT_POLICY_INSERT:
// If this is forced mode then no insert
if (gSettings.Boot.SecureBootSetupMode) {
if (GlobalConfig.SecureBootSetupMode) {
return TRUE;
}
break;
@ -427,7 +427,7 @@ EFI_STATUS InstallSecureBoot(void)
}
PrintSecureBootInfo();
// Nothing to do if secure boot is disabled or in setup mode
if (!gSettings.Boot.SecureBoot || gSettings.Boot.SecureBootSetupMode) {
if (!GlobalConfig.SecureBoot || GlobalConfig.SecureBootSetupMode) {
return EFI_SUCCESS;
}
// Locate security protocols
@ -477,16 +477,16 @@ void UninstallSecureBoot(void)
void InitializeSecureBoot(void)
{
// Set secure boot variables to firmware values
UINTN Size = sizeof(gSettings.Boot.SecureBootSetupMode);
gRT->GetVariable(L"SetupMode", &gEfiGlobalVariableGuid, NULL, &Size, &gSettings.Boot.SecureBootSetupMode);
Size = sizeof(gSettings.Boot.SecureBoot);
gRT->GetVariable(L"SecureBoot", &gEfiGlobalVariableGuid, NULL, &Size, &gSettings.Boot.SecureBoot);
UINTN Size = sizeof(GlobalConfig.SecureBootSetupMode);
gRT->GetVariable(L"SetupMode", &gEfiGlobalVariableGuid, NULL, &Size, &GlobalConfig.SecureBootSetupMode);
Size = sizeof(GlobalConfig.SecureBoot);
gRT->GetVariable(L"SecureBoot", &gEfiGlobalVariableGuid, NULL, &Size, &GlobalConfig.SecureBoot);
// Make sure that secure boot is disabled if in setup mode, this will
// allow us to specify later in settings that we want to override
// setup mode and pretend like we are in secure boot mode to enforce
// secure boot policy even when secure boot is not present/disabled.
if (gSettings.Boot.SecureBootSetupMode) {
gSettings.Boot.SecureBoot = 0;
if (GlobalConfig.SecureBootSetupMode) {
GlobalConfig.SecureBoot = 0;
}
}

5
rEFIt_UEFI/entry_scan/secureboot.h
View File

@ -26,7 +26,8 @@
// User policy, white and black list with query
#define SECURE_BOOT_POLICY_USER (6)
#ifdef ENABLE_SECURE_BOOT
void InitializeSecureBoot(void);
#endif
#endif /* ENTRY_SCAN_SECUREBOOT_H_ */

12
rEFIt_UEFI/entry_scan/securehash.cpp
View File

@ -607,7 +607,7 @@ STATIC void *CreateImageSignatureDatabase(IN void *FileBuffer,
HashPtr = (UINT8 *)(&(PeHeader.Pe32Plus->OptionalHeader.CheckSum));
} else {
// Invalid image
DBG("Invalid image: 0x%hhX (0x%hhX)\n", FileBuffer, FileSize);
DBG("Invalid image: 0x%llX (0x%llX)\n", uintptr_t(FileBuffer), FileSize);
return NULL;
}
HashSize = (UINTN)(HashPtr - HashBase);
@ -795,7 +795,7 @@ void *GetImageSignatureDatabase(IN void *FileBuffer,
// PE32+
SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&(PeHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
}
DBG("Get image database: 0x%hhX (0x%hhX) 0x%hhX 0x%hhX 0x%hhX (0x%hhX)\n", FileBuffer, FileSize, SecDataDir, SecDataDir->VirtualAddress, ((UINT8 *)FileBuffer) + SecDataDir->VirtualAddress, SecDataDir->Size);
DBG("Get image database: 0x%llX (0x%llX) 0x%llX 0x%X 0x%s (0x%X)\n", uintptr_t(FileBuffer), FileSize, uintptr_t(SecDataDir), SecDataDir->VirtualAddress, ((UINT8 *)FileBuffer) + SecDataDir->VirtualAddress, SecDataDir->Size);
// Check the security data directory is found and valid
if ((SecDataDir->VirtualAddress >= FileSize) || ((SecDataDir->VirtualAddress + SecDataDir->Size) > FileSize)) {
DBG("Security directory exceeds the file limits\n");
@ -824,7 +824,7 @@ void *GetImageSignatureDatabase(IN void *FileBuffer,
if (Alignment != 0) {
Alignment = SECDIR_ALIGNMENT_SIZE - Alignment;
}
DBG("Embedded certificate: 0x%hhX (0x%hhX) [0x%hhX]\n", Cert, Length, Cert->wCertificateType);
DBG("Embedded certificate: 0x%llX (0x%llX) [0x%hX]\n", uintptr_t(Cert), Length, Cert->wCertificateType);
// Get the certificate's type
if (Cert->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
// PKCS#7
@ -862,19 +862,19 @@ void *GetImageSignatureDatabase(IN void *FileBuffer,
}
// Append the signature if valid
if ((SigGuid != NULL) && (Signature != NULL) && (SigSize > 0)) {
DBG("Found signature certificate: 0x%hhX (0x%hhX) %s\n", Signature, SigSize, strguid(SigGuid));
DBG("Found signature certificate: 0x%llX (0x%llX) %s\n", uintptr_t(Signature), SigSize, strguid(SigGuid));
if (EFI_ERROR(AppendSignatureToDatabase(&Database, &Size, SigGuid, Signature, SigSize))) {
break;
}
} else {
DBG("Skipping non-signature certificate: 0x%hhX (0x%hhX) [0x%hhX]\n", Cert, Length, Cert->wCertificateType);
DBG("Skipping non-signature certificate: 0x%llX (0x%llX) [0x%hX]\n", uintptr_t(Cert), Length, Cert->wCertificateType);
}
// Advance to next certificate
Ptr += (Length + Alignment);
}
// Check if there is some sort of corruption
if (Ptr != End) {
DBG("Failed to retrieve image database: 0x%hhX - 0x%hhX @ 0x%hhX\n", (((UINT8 *)FileBuffer) + SecDataDir->VirtualAddress), End, Ptr);
DBG("Failed to retrieve image database: 0x%llX - 0x%llX @ 0x%llX\n", uintptr_t((((UINT8 *)FileBuffer) + SecDataDir->VirtualAddress)), uintptr_t(End), uintptr_t(Ptr));
// Don't return anything if not at end
if (Database != NULL) {
FreePool(Database);

133
rEFIt_UEFI/entry_scan/securemenu.cpp
View File

@ -50,6 +50,10 @@
#include <Guid/ImageAuthentication.h>
extern "C" {
#include <Library/DxeServicesLib.h>
}
#ifndef DEBUG_ALL
#define DEBUG_SECURE_MENU 1
#else
@ -68,9 +72,9 @@ extern BOOLEAN gThemeNeedInit;
// Add secure boot tool entry
void AddSecureBootTool(void)
{
LOADER_ENTRY *Entry;
// LOADER_ENTRY *Entry;
// If in forced mode or no secure boot then don't add tool
if (!gSettings.Boot.SecureBoot && !gSettings.Boot.SecureBootSetupMode) {
if (!GlobalConfig.SecureBoot && !GlobalConfig.SecureBootSetupMode) {
return;
}
//panic("not done yet");
@ -97,15 +101,16 @@ void AddSecureBootTool(void)
}
STATIC REFIT_ABSTRACT_MENU_ENTRY QueryEntry[] = {
{ L"Deny authentication"_XSW, SECURE_BOOT_POLICY_DENY, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"Allow authentication"_XSW, SECURE_BOOT_POLICY_ALLOW, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"Insert authentication into database"_XSW, SECURE_BOOT_POLICY_INSERT, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG QueryEntry[] = {
{ L"Deny authentication"_XSW, SECURE_BOOT_POLICY_DENY, ActionEnter },
{ L"Allow authentication"_XSW, SECURE_BOOT_POLICY_ALLOW, ActionEnter },
{ L"Insert authentication into database"_XSW, SECURE_BOOT_POLICY_INSERT, ActionEnter },
};
STATIC REFIT_MENU_ENTRY *QueryEntries[] = { QueryEntry, QueryEntry + 1, QueryEntry + 2 };
STATIC REFIT_MENU_SCREEN QueryUserMenu = { 0, L"Secure Boot Authentication"_XSW, L""_XSW, 3, NULL, 2, QueryEntries,
0, NULL, NULL, FALSE, FALSE, 0, 0, 0, 0,
/* FILM_CENTRE, FILM_CENTRE,*/ { 0, 0, 0, 0 }, NULL };
/*commented out to avoid warning: STATIC*/ REFIT_SIMPLE_MENU_ENTRY_TAG *QueryEntries[] = { QueryEntry, QueryEntry + 1, QueryEntry + 2 };
//STATIC REFIT_MENU_SCREEN QueryUserMenu = { 0, L"Secure Boot Authentication"_XSW, L""_XSW, 3, NULL, 2, QueryEntries,
// 0, NULL, NULL, FALSE, FALSE, 0, 0, 0, 0,
// /* FILM_CENTRE, FILM_CENTRE,*/ { 0, 0, 0, 0 }, NULL };
STATIC REFIT_MENU_SCREEN QueryUserMenu = { 0, L"Secure Boot Authentication"_XSW, L""_XSW }; // TODO:add QueryEntries
// Query the secure boot user what to do with image
UINTN QuerySecureBootUser(IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
@ -114,20 +119,18 @@ UINTN QuerySecureBootUser(IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
// Check parameters
if (DevicePath != NULL) {
// Get the device path string
QueryUserMenu.InfoLines.setEmpty()
QueryUserMenu.InfoLines.setEmpty();
QueryUserMenu.InfoLines.Add(L"Please select the authentication action for"_XSW);
QueryUserMenu.InfoLines.AddNoNull(FileDevicePathToXStringW((EFI_DEVICE_PATH_PROTOCOL *)DevicePath);
QueryUserMenu.InfoLines.AddNoNull(FileDevicePathToXStringW((EFI_DEVICE_PATH_PROTOCOL *)DevicePath));
if (QueryUserMenu.InfoLines.size() >= 1) {
// Get the device path file path
QueryUserMenu.InfoLines.AddNoNull(FileDevicePathToXStringW((EFI_DEVICE_PATH_PROTOCOL *)DevicePath);
QueryUserMenu.InfoLines.AddNoNull(FileDevicePathToXStringW((EFI_DEVICE_PATH_PROTOCOL *)DevicePath));
if (QueryUserMenu.InfoLines.size() >= 2) {
// Create the entries
REFIT_SIMPLE_MENU_ENTRY_TAG *ChosenEntry = NULL;
UINTN MenuExit;
// Update the menu
QueryUserMenu.Entries.size() = gSettings.Boot.SecureBootSetupMode ? 2 : 3;
// Debug message
DBG("VerifySecureBootImage: Query user for authentication action for %ls\n", QueryUserMenu.InfoLines[1]);
DBG("VerifySecureBootImage: Query user for authentication action for %ls\n", QueryUserMenu.InfoLines[1].wc_str());
// Because we may
if (!gGuiIsReady) {
InitScreen(FALSE);
@ -142,12 +145,13 @@ UINTN QuerySecureBootUser(IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
// Run the query menu
do
{
MenuExit = QueryUserMenu.RunMenu(&ChosenEntry);
if ((ChosenEntry != NULL) &&
((MenuExit == MENU_EXIT_ENTER) || (MenuExit == MENU_EXIT_DETAILS))) {
Response = (UINTN)ChosenEntry->Tag;
MenuExit = MENU_EXIT_ESCAPE;
}
REFIT_ABSTRACT_MENU_ENTRY* AbstractChosenEntry = ChosenEntry;
MenuExit = QueryUserMenu.RunMenu(&AbstractChosenEntry);
if ((ChosenEntry != NULL) &&
((MenuExit == MENU_EXIT_ENTER) || (MenuExit == MENU_EXIT_DETAILS))) {
Response = (UINTN)ChosenEntry->Tag;
MenuExit = MENU_EXIT_ESCAPE;
}
} while (MenuExit != MENU_EXIT_ESCAPE);
}
}
@ -375,27 +379,28 @@ extern REFIT_MENU_ITEM_RETURN MenuEntryReturn;
#define TAG_CLEAR 4
#define TAG_DISABLE 5
STATIC REFIT_MENU_ITEM_RETURN SecureBootPolicyEntry = { NULL, TAG_POLICY, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL };
STATIC REFIT_MENU_ENTRY InsertImageSignatureEntry = { L"Add image authentication to database", TAG_INSERT, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL };
STATIC REFIT_MENU_ENTRY RemoveImageSignatureEntry = { L"Remove image authentication from database", TAG_REMOVE, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL };
STATIC REFIT_MENU_ENTRY ClearImageSignatureEntry = { L"Clear image authentication database", TAG_CLEAR, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL };
STATIC REFIT_MENU_ENTRY DisableSecureBootEntry = { L"Disable secure boot", TAG_DISABLE, 0, 0, 0, NULL, NULL, NULL, {0, 0, 0, 0}, ActionEnter, ActionNone, ActionNone, ActionNone, NULL };
STATIC REFIT_MENU_ENTRY *SecureBootEntries[] = { NULL, NULL, NULL, NULL, NULL, NULL };
STATIC REFIT_MENU_SCREEN SecureBootMenu = { 0, L"Secure Boot Configuration", NULL, 0, NULL, 0, SecureBootEntries,
0, NULL, NULL, FALSE, FALSE, 0, 0, 0, 0,
/* FILM_CENTRE, FILM_CENTRE,*/ { 0, 0, 0, 0 }, NULL };
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG SecureBootPolicyEntry = { L""_XSW, TAG_POLICY, ActionEnter };
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG InsertImageSignatureEntry = { L"Add image authentication to database"_XSW, TAG_INSERT, ActionEnter };
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG RemoveImageSignatureEntry = { L"Remove image authentication from database"_XSW, TAG_REMOVE, ActionEnter };
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG ClearImageSignatureEntry = { L"Clear image authentication database"_XSW, TAG_CLEAR, ActionEnter };
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG DisableSecureBootEntry = { L"Disable secure boot"_XSW, TAG_DISABLE, ActionEnter };
/*commented out to avoid warning: STATIC*/ REFIT_ABSTRACT_MENU_ENTRY *SecureBootEntries[] = { NULL, NULL, NULL, NULL, NULL, NULL };
//STATIC REFIT_MENU_SCREEN SecureBootMenu = { 0, L"Secure Boot Configuration"_XSW, NULL, 0, NULL, 0, SecureBootEntries,
// 0, NULL, NULL, FALSE, FALSE, 0, 0, 0, 0,
// /* FILM_CENTRE, FILM_CENTRE,*/ { 0, 0, 0, 0 }, NULL };
STATIC REFIT_MENU_SCREEN SecureBootMenu = { 0, L"Secure Boot Configuration"_XSW, L""_XSW }; // TODO: what was this SecureBootEntries array.
STATIC REFIT_MENU_ENTRY SecureBootPolicyNameEntry[] = {
{ L"Deny", SECURE_BOOT_POLICY_DENY, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"Allow", SECURE_BOOT_POLICY_ALLOW, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"Query", SECURE_BOOT_POLICY_QUERY, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"Insert", SECURE_BOOT_POLICY_INSERT, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"WhiteList", SECURE_BOOT_POLICY_WHITELIST, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"BlackList", SECURE_BOOT_POLICY_BLACKLIST, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
{ L"User", SECURE_BOOT_POLICY_USER, 0, 0, 0, NULL, NULL, NULL, { 0, 0, 0, 0 }, ActionEnter, ActionNone, ActionNone, ActionNone, NULL },
STATIC REFIT_SIMPLE_MENU_ENTRY_TAG SecureBootPolicyNameEntry[] = {
{ L"Deny"_XSW, SECURE_BOOT_POLICY_DENY, ActionEnter },
{ L"Allow"_XSW, SECURE_BOOT_POLICY_ALLOW, ActionEnter },
{ L"Query"_XSW, SECURE_BOOT_POLICY_QUERY, ActionEnter },
{ L"Insert"_XSW, SECURE_BOOT_POLICY_INSERT, ActionEnter },
{ L"WhiteList"_XSW, SECURE_BOOT_POLICY_WHITELIST, ActionEnter },
{ L"BlackList"_XSW, SECURE_BOOT_POLICY_BLACKLIST, ActionEnter },
{ L"User"_XSW, SECURE_BOOT_POLICY_USER, ActionEnter },
};
STATIC REFIT_MENU_ENTRY *SecureBootPolicyEntries[] = {
/*commented out to avoid warning: STATIC*/ REFIT_ABSTRACT_MENU_ENTRY *SecureBootPolicyEntries[] = {
SecureBootPolicyNameEntry,
SecureBootPolicyNameEntry + 1,
SecureBootPolicyNameEntry + 2,
@ -406,10 +411,11 @@ STATIC REFIT_MENU_ENTRY *SecureBootPolicyEntries[] = {
&MenuEntryReturn
};
STATIC REFIT_MENU_SCREEN SecureBootPolicyMenu = { 0, L"Secure Boot Policy", NULL, 0, NULL,
sizeof(SecureBootPolicyEntries) / sizeof(REFIT_MENU_ENTRY *), SecureBootPolicyEntries,
0, NULL, NULL, FALSE, FALSE, 0, 0, 0, 0,
/* FILM_CENTRE, FILM_CENTRE,*/ { 0, 0, 0, 0 } , NULL };
//STATIC REFIT_MENU_SCREEN SecureBootPolicyMenu = { 0, L"Secure Boot Policy", NULL, 0, NULL,
// sizeof(SecureBootPolicyEntries) / sizeof(REFIT_MENU_ENTRY *), SecureBootPolicyEntries,
// 0, NULL, NULL, FALSE, FALSE, 0, 0, 0, 0,
// /* FILM_CENTRE, FILM_CENTRE,*/ { 0, 0, 0, 0 } , NULL };
STATIC REFIT_MENU_SCREEN SecureBootPolicyMenu = { 0, L"Secure Boot Policy"_XSW, L""_XSW }; // TODO: add entries from SecureBootPolicyEntries
// Configure secure boot
BOOLEAN ConfigureSecureBoot(void)
@ -417,27 +423,28 @@ BOOLEAN ConfigureSecureBoot(void)
BOOLEAN StillConfiguring = TRUE;
do
{
UINTN Index = 0, MenuExit;
REFIT_MENU_ENTRY *ChosenEntry = NULL;
UINTN MenuExit;
REFIT_SIMPLE_MENU_ENTRY_TAG *ChosenEntry = NULL;
EFI_DEVICE_PATH *DevicePath = NULL;
// Add the entry for secure boot policy
SecureBootPolicyEntry.Title.SPrintf("Secure boot policy: %ls", SecureBootPolicyToStr(gSettings.Boot.SecureBootPolicy));
SecureBootPolicyEntry.Title.SWPrintf("Secure boot policy: %ls", SecureBootPolicyToStr(gSettings.Boot.SecureBootPolicy));
if (SecureBootPolicyEntry.Title.isEmpty()) {
break;
}
SecureBootPolicyMenu.Title = SecureBootPolicyEntry.Title;
SecureBootMenu.Entries[Index++] = &SecureBootPolicyEntry;
SecureBootMenu.Entries.setEmpty();
SecureBootMenu.Entries.AddReference(&SecureBootPolicyEntry, false);
// Get the proper entries for the secure boot mode
if (!gSettings.Boot.SecureBootSetupMode) {
SecureBootMenu.Entries[Index++] = &InsertImageSignatureEntry;
SecureBootMenu.Entries[Index++] = &RemoveImageSignatureEntry;
SecureBootMenu.Entries[Index++] = &ClearImageSignatureEntry;
SecureBootMenu.Entries[Index++] = &DisableSecureBootEntry;
if (!GlobalConfig.SecureBootSetupMode) {
SecureBootMenu.Entries.AddReference(&InsertImageSignatureEntry, false);
SecureBootMenu.Entries.AddReference(&RemoveImageSignatureEntry, false);
SecureBootMenu.Entries.AddReference(&ClearImageSignatureEntry, false);
SecureBootMenu.Entries.AddReference(&DisableSecureBootEntry, false);
}
SecureBootMenu.Entries[Index++] = &MenuEntryReturn;
SecureBootMenu.Entries.size() = Index;
SecureBootMenu.Entries.AddReference(&MenuEntryReturn, false);
// Run the configuration menu
MenuExit = SecureBootMenu.RunMenu(&ChosenEntry);
REFIT_ABSTRACT_MENU_ENTRY* absPtr = ChosenEntry;
MenuExit = SecureBootMenu.RunMenu(&absPtr);
if ((ChosenEntry != NULL) &&
((MenuExit == MENU_EXIT_ENTER) || (MenuExit == MENU_EXIT_DETAILS))) {
switch (ChosenEntry->Tag) {
@ -446,7 +453,8 @@ BOOLEAN ConfigureSecureBoot(void)
do
{
ChosenEntry = NULL;
MenuExit = SecureBootPolicyMenu.RunMenu(&ChosenEntry);
absPtr = ChosenEntry;
MenuExit = SecureBootPolicyMenu.RunMenu(&absPtr);
if ((ChosenEntry != NULL) &&
((MenuExit == MENU_EXIT_ENTER) || (MenuExit == MENU_EXIT_DETAILS))) {
switch (ChosenEntry->Tag) {
@ -489,10 +497,10 @@ BOOLEAN ConfigureSecureBoot(void)
// Clear authentication database
if (YesNoMessage(L"Clear Authentication Database", L"Are you sure you want to clear\nthe image authentication database?")) {
DBG("User cleared authentication database\n");
AlertMessage(L"Clear Authentication Database",
AlertMessage(L"Clear Authentication Database"_XSW,
EFI_ERROR(ClearAuthorizedDatabase()) ?
L"Clearing the image authentication database failed!" :
L"Cleared image authentication database successfully");
L"Clearing the image authentication database failed!"_XSW :
L"Cleared image authentication database successfully"_XSW);
}
break;
@ -501,10 +509,10 @@ BOOLEAN ConfigureSecureBoot(void)
if (YesNoMessage(L"Disable Secure Boot", L"Are you sure you want to disable secure boot?")) {
DBG("User disabled secure boot\n");
DisableSecureBoot();
if (!gSettings.Boot.SecureBoot) {
if (!GlobalConfig.SecureBoot) {
return TRUE;
}
AlertMessage(L"Disable Secure Boot", L"Disabling secure boot failed!\nClover does not appear to own the PK");
AlertMessage(L"Disable Secure Boot"_XSW, L"Disabling secure boot failed!\nClover does not appear to own the PK"_XSW);
}
break;
@ -515,7 +523,6 @@ BOOLEAN ConfigureSecureBoot(void)
} else if (MenuExit == MENU_EXIT_ESCAPE) {
StillConfiguring = FALSE;
}
FreePool(SecureBootPolicyEntry.Title);
} while (StillConfiguring);
return FALSE;
}

14
rEFIt_UEFI/entry_scan/securevars.cpp
View File

@ -231,7 +231,7 @@ EFI_STATUS EnrollSecureBootKeys(IN void *AuthorizedDatabase,
}
// Read signature database
void *GetSignatureDatabase(IN CHAR16 *DatabaseName,
void *GetSignatureDatabase(const wchar_t *DatabaseName,
IN EFI_GUID *DatabaseGuid,
OUT UINTN *DatabaseSize)
{
@ -392,7 +392,7 @@ EFI_STATUS SetSignedVariable(IN CHAR16 *DatabaseName,
if ((DatabaseName == NULL) || (DatabaseGuid == NULL)) {
return EFI_INVALID_PARAMETER;
}
DBG("Setting secure variable: %s %ls 0x%hhX (0x%hhX)\n", strguid(DatabaseGuid), DatabaseName, Database, DatabaseSize);
DBG("Setting secure variable: %s %ls 0x%llX (0x%llX)\n", strguid(DatabaseGuid), DatabaseName, uintptr_t(Database), DatabaseSize);
NameLen = StrLen(DatabaseName);
if (NameLen == 0) {
return EFI_INVALID_PARAMETER;
@ -403,9 +403,9 @@ EFI_STATUS SetSignedVariable(IN CHAR16 *DatabaseName,
if (EFI_ERROR(Status)) {
return Status;
}
DBG("Timestamp: %t\n", Timestamp);
// TODO: %t specifier DBG("Timestamp: %t\n", Timestamp);
// In user mode we need to sign the database with exchange key
if (!gSettings.Boot.SecureBootSetupMode) {
if (!GlobalConfig.SecureBootSetupMode) {
// Initialize the cyphers and digests
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
@ -491,7 +491,7 @@ EFI_STATUS SetSignedVariable(IN CHAR16 *DatabaseName,
} else {
CopyMem(((UINT8 *)Authentication) + sizeof(EFI_TIME) + sizeof(EFI_GUID) + sizeof(UINT32) + sizeof(UINT16) + sizeof(UINT16), Database, DatabaseSize); //Payload, PayloadSize);
}
DBG("Writing secure variable 0x%hhX (0x%hhX) ...\n", Authentication, Size);
DBG("Writing secure variable 0x%llX (0x%llX) ...\n", uintptr_t(Authentication), Size);
// Write the database variable
Status = gRT->SetVariable(DatabaseName, DatabaseGuid, SET_DATABASE_ATTRIBUTES, Size, Authentication);
// Cleanup the authentication buffer
@ -507,8 +507,8 @@ EFI_STATUS SetSignatureDatabase(IN CHAR16 *DatabaseName,
{
EFI_STATUS Status;
// Check is valid to set database
if ((gSettings.Boot.SecureBoot && gSettings.Boot.SecureBootSetupMode) ||
(!gSettings.Boot.SecureBoot && !gSettings.Boot.SecureBootSetupMode)) {
if ((GlobalConfig.SecureBoot && GlobalConfig.SecureBootSetupMode) ||
(!GlobalConfig.SecureBoot && !GlobalConfig.SecureBootSetupMode)) {
return EFI_NOT_FOUND;
}
// Erase database

1
rEFIt_UEFI/gui/REFIT_MENU_SCREEN.h
View File

@ -114,7 +114,6 @@ extern INTN EntriesPosX, EntriesPosY;
class REFIT_MENU_ENTRY_ITEM_ABSTRACT;
class REFIT_MENU_ENTRY;
class REFIT_ABSTRACT_MENU_ENTRY;
typedef void (REFIT_MENU_SCREEN::*MENU_STYLE_FUNC)(IN UINTN Function, IN CONST CHAR16 *ParamText);

4
rEFIt_UEFI/include/Efi.h
View File

@ -41,7 +41,7 @@ extern "C" {
#include <Protocol/SimpleTextIn.h>
#include <Protocol/SimpleTextOut.h>
#include <Library/GenericBdsLib.h>
#include <Library/HiiLib.h>
//#include <Library/HiiLib.h>
#include <Library/HdaModels.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PcdLib.h>
@ -63,7 +63,7 @@ extern "C" {
#include <Library/HobLib.h>
#include <Library/SerialPortLib.h>
#include <Library/HdaVerbs.h>
#include <Library/NetLib.h>
//#include <Library/NetLib.h>
#include <Framework/FrameworkInternalFormRepresentation.h>

23
rEFIt_UEFI/refit.inf
View File

@ -398,43 +398,30 @@
CloverPkg.dec
OpenCorePkg/OpenCorePkg.dec
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
NetworkPkg/NetworkPkg.dec
IntelFrameworkPkg/IntelFrameworkPkg.dec
IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
OpenCorePkg/OpenCorePkg.dec
# Library/OpensslLib/openssl-1.0.1e/OpensslLib.dec
[LibraryClasses]
UefiApplicationEntryPoint
UefiBootServicesTableLib
UefiBootServicesTableLib # for gBS and gST
UefiLib
MemoryAllocationLib
BaseMemoryLib
BaseLib
DevicePathLib
OcDeviceTreeLib
DebugLib
DxeServicesLib
DxeServicesTableLib
DxeServicesTableLib # for gDS
HdaDevicesLib
HobLib
IoLib
# HiiLib
# EfiFileLib
PeCoffLib
# GenericBdsLib
MemLogLib
VideoBiosPatchLib
OpensslLib
NetLib
# OpensslLib # for secureboot, I think
WaveLib
BaseDebugPrintErrorLevelLib
BaseSerialPortLib
OpenCoreLib
#OcDebugLogLib
DebugLib
OcDebugLogLibOc2Clover
OcAppleBootPolicyLib
CppMemLib
[Guids]

2
rEFIt_UEFI/refit/main.cpp
View File

@ -305,7 +305,7 @@ static EFI_STATUS LoadEFIImage(IN EFI_DEVICE_PATH *DevicePath,
#ifdef ENABLE_SECURE_BOOT
// Verify secure boot policy
if (gSettings.Boot.SecureBoot && gSettings.Boot.SecureBootSetupMode) {
if (GlobalConfig.SecureBoot && GlobalConfig.SecureBootSetupMode) {
// Only verify if in forced secure boot mode
EFI_STATUS Status = VerifySecureBootImage(DevicePath);
if (EFI_ERROR(Status)) {