tenpoku1000/efi_main.c

## efi_main.c

// Copyright 2015 Shin'ichi Ichikawa. Released under the MIT license.

/**

Copyright (c) Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <efi.h>
#include <efilib.h>

static void reset_system(EFI_STATUS status)
{
    EFI_STATUS local_status = EFI_SUCCESS;

    do {

        EFI_INPUT_KEY key;
        local_status = ST->ConIn->ReadKeyStroke(ST->ConIn, &key);

    } while (EFI_SUCCESS != local_status);

    RT->ResetSystem(EfiResetCold, status, 0, NULL);
}

static void error_print(CHAR16* msg)
{
    Print(msg);

    reset_system(EFI_SUCCESS);
}

///
///  "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
///  Standard Secure Boot mode is the default mode as UEFI Spec's description.
///  Custom Secure Boot mode allows for more flexibility as specified in the following:
///    Can enroll or delete PK without existing PK's private key.
///    Can enroll or delete KEK without existing PK's private key.
///    Can enroll or delete signature from DB/DBX without KEK's private key.
///
#define EFI_CUSTOM_MODE_NAME          L"CustomMode"
#define CUSTOM_SECURE_BOOT_MODE       1
#define STANDARD_SECURE_BOOT_MODE     0

EFI_GUID gEfiCustomModeEnableGuid = { 0xc076ec0c, 0x7028, 0x4399,{ 0xa0, 0x72, 0x71, 0xee, 0x5c, 0x44, 0x8b, 0x9f } };

/**

Set the platform secure boot mode into "Custom" or "Standard" mode.

@param[in]   SecureBootMode        New secure boot mode: STANDARD_SECURE_BOOT_MODE or
CUSTOM_SECURE_BOOT_MODE.

@return EFI_SUCCESS                The platform has switched to the special mode successfully.
@return other                      Fail to operate the secure boot mode.

**/
EFI_STATUS SetSecureBootMode(IN UINT8 SecureBootMode)
{
    return RT->SetVariable(
        EFI_CUSTOM_MODE_NAME,
        &gEfiCustomModeEnableGuid,
        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
        sizeof(UINT8),
        &SecureBootMode
    );
}

EFI_STATUS GetSecureBootMode(UINTN* data_size, UINT8* SecureBootMode)
{
    return RT->GetVariable(
        EFI_CUSTOM_MODE_NAME,
        &gEfiCustomModeEnableGuid,
        NULL,
        data_size,
        &SecureBootMode
    );
}

EFI_STATUS efi_main(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE* SystemTable)
{
    InitializeLib(ImageHandle, SystemTable);

    Print(L"When you press any key, the system will reboot.\n");
    Print(L"\n");

    UINT8 secure_boot_mode = 0;
    UINTN data_size = sizeof(UINT8);

    EFI_STATUS status = GetSecureBootMode(&data_size, &secure_boot_mode);

    switch (status) {
    case EFI_SUCCESS:
        switch (secure_boot_mode) {
        case STANDARD_SECURE_BOOT_MODE:
            Print(L"STANDARD_SECURE_BOOT_MODE\n");
            break;
        case CUSTOM_SECURE_BOOT_MODE:
            Print(L"CUSTOM_SECURE_BOOT_MODE\n");
            break;
        default:
            Print(L"GetSecureBootMode() unknown mode (%X)\n", secure_boot_mode);
            break;
        }
        break;
    case EFI_NOT_FOUND:
        Print(L"GetSecureBootMode() error: EFI_NOT_FOUND\n");
        break;
    case EFI_BUFFER_TOO_SMALL:
        Print(L"GetSecureBootMode() error: EFI_BUFFER_TOO_SMALL\n");
        break;
    default:
        Print(L"GetSecureBootMode() error: status =(%X)\n", status);
        break;
    }

    status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);

    switch (status) {
    case EFI_SUCCESS:
        break;
    case EFI_NOT_FOUND:
        Print(L"SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE) error: EFI_NOT_FOUND\n");
        break;
    case EFI_BUFFER_TOO_SMALL:
        Print(L"SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE) error: EFI_BUFFER_TOO_SMALL\n");
        break;
    default:
        Print(L"SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE) error: status =(%X)\n", status);
        break;
    }

    reset_system(EFI_SUCCESS);

    return EFI_SUCCESS;
}

	// Copyright 2015 Shin'ichi Ichikawa. Released under the MIT license.

	/**

	Copyright (c) Intel Corporation. All rights reserved.<BR>
	This program and the accompanying materials
	are licensed and made available under the terms and conditions of the BSD License
	which accompanies this distribution. The full text of the license may be found at
	http://opensource.org/licenses/bsd-license.php

	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

	**/

	#include <efi.h>
	#include <efilib.h>

	static void reset_system(EFI_STATUS status)
	{
	EFI_STATUS local_status = EFI_SUCCESS;

	do {

	EFI_INPUT_KEY key;
	local_status = ST->ConIn->ReadKeyStroke(ST->ConIn, &key);

	} while (EFI_SUCCESS != local_status);

	RT->ResetSystem(EfiResetCold, status, 0, NULL);
	}

	static void error_print(CHAR16* msg)
	{
	Print(msg);

	reset_system(EFI_SUCCESS);
	}

	///
	/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
	/// Standard Secure Boot mode is the default mode as UEFI Spec's description.
	/// Custom Secure Boot mode allows for more flexibility as specified in the following:
	/// Can enroll or delete PK without existing PK's private key.
	/// Can enroll or delete KEK without existing PK's private key.
	/// Can enroll or delete signature from DB/DBX without KEK's private key.
	///
	#define EFI_CUSTOM_MODE_NAME L"CustomMode"
	#define CUSTOM_SECURE_BOOT_MODE 1
	#define STANDARD_SECURE_BOOT_MODE 0

	EFI_GUID gEfiCustomModeEnableGuid = { 0xc076ec0c, 0x7028, 0x4399,{ 0xa0, 0x72, 0x71, 0xee, 0x5c, 0x44, 0x8b, 0x9f } };

	/**

	Set the platform secure boot mode into "Custom" or "Standard" mode.

	@param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or
	CUSTOM_SECURE_BOOT_MODE.

	@return EFI_SUCCESS The platform has switched to the special mode successfully.
	@return other Fail to operate the secure boot mode.

	**/
	EFI_STATUS SetSecureBootMode(IN UINT8 SecureBootMode)
	{
	return RT->SetVariable(
	EFI_CUSTOM_MODE_NAME,
	&gEfiCustomModeEnableGuid,
	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS,
	sizeof(UINT8),
	&SecureBootMode
	);
	}

	EFI_STATUS GetSecureBootMode(UINTN* data_size, UINT8* SecureBootMode)
	{
	return RT->GetVariable(
	EFI_CUSTOM_MODE_NAME,
	&gEfiCustomModeEnableGuid,
	NULL,
	data_size,
	&SecureBootMode
	);
	}

	EFI_STATUS efi_main(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE* SystemTable)
	{
	InitializeLib(ImageHandle, SystemTable);

	Print(L"When you press any key, the system will reboot.\n");
	Print(L"\n");

	UINT8 secure_boot_mode = 0;
	UINTN data_size = sizeof(UINT8);

	EFI_STATUS status = GetSecureBootMode(&data_size, &secure_boot_mode);

	switch (status) {
	case EFI_SUCCESS:
	switch (secure_boot_mode) {
	case STANDARD_SECURE_BOOT_MODE:
	Print(L"STANDARD_SECURE_BOOT_MODE\n");
	break;
	case CUSTOM_SECURE_BOOT_MODE:
	Print(L"CUSTOM_SECURE_BOOT_MODE\n");
	break;
	default:
	Print(L"GetSecureBootMode() unknown mode (%X)\n", secure_boot_mode);
	break;
	}
	break;
	case EFI_NOT_FOUND:
	Print(L"GetSecureBootMode() error: EFI_NOT_FOUND\n");
	break;
	case EFI_BUFFER_TOO_SMALL:
	Print(L"GetSecureBootMode() error: EFI_BUFFER_TOO_SMALL\n");
	break;
	default:
	Print(L"GetSecureBootMode() error: status =(%X)\n", status);
	break;
	}

	status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);

	switch (status) {
	case EFI_SUCCESS:
	break;
	case EFI_NOT_FOUND:
	Print(L"SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE) error: EFI_NOT_FOUND\n");
	break;
	case EFI_BUFFER_TOO_SMALL:
	Print(L"SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE) error: EFI_BUFFER_TOO_SMALL\n");
	break;
	default:
	Print(L"SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE) error: status =(%X)\n", status);
	break;
	}

	reset_system(EFI_SUCCESS);

	return EFI_SUCCESS;
	}