1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 
3 #include "sbat.h"
4 #include "secure-boot.h"
5 #include "util.h"
6 
/* Reports whether the EFI global variable "SecureBoot" reads as set.
 *
 * The result is false both when the variable reads as unset and when it cannot be read at all, so
 * callers cannot tell "Secure Boot disabled" apart from "lookup failed" through this function. Code
 * that gates an enforcement decision on the result therefore treats a failed read like a disabled
 * state; use secure_boot_mode() where that distinction matters. */
BOOLEAN secure_boot_enabled(void) {
        BOOLEAN enabled;
        EFI_STATUS status = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &enabled);

        /* 'enabled' is not initialized here, so it must only be read after a successful lookup; the
         * short-circuit on the status check guarantees that. */
        return !(EFI_ERROR(status) || !enabled);
}
15 
/* Derives the Secure Boot mode from the EFI global variables "SecureBoot", "AuditMode",
 * "DeployedMode" and "SetupMode".
 *
 * Returns SECURE_BOOT_UNSUPPORTED when "SecureBoot" cannot be read; otherwise returns whatever
 * decode_secure_boot_mode() makes of the four flags. */
SecureBootMode secure_boot_mode(void) {
        BOOLEAN sb_state;
        BOOLEAN in_audit = FALSE, in_deployed = FALSE, in_setup = FALSE;
        EFI_STATUS status;

        /* "SecureBoot" is the only mandatory lookup: without it no mode can be reported. */
        status = efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SecureBoot", &sb_state);
        if (EFI_ERROR(status))
                return SECURE_BOOT_UNSUPPORTED;

        /* The remaining lookups are best-effort and their status is deliberately discarded: a
         * variable that is absent counts as FALSE (AuditMode and DeployedMode may not exist on older
         * firmware). Any other read failure is folded into FALSE as well, since the error is never
         * inspected.
         * NOTE(review): this relies on efivar_get_boolean_u8() leaving its output untouched when it
         * fails, so that the FALSE initializers above survive — confirm against the helper. */
        (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"AuditMode", &in_audit);
        (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"DeployedMode", &in_deployed);
        (void) efivar_get_boolean_u8(EFI_GLOBAL_GUID, L"SetupMode", &in_setup);

        return decode_secure_boot_mode(sb_state, in_audit, in_deployed, in_setup);
}
32 
/* When the build defines SBAT_DISTRO, place SBAT_SECTION_TEXT in a section named ".sbat" of the
 * resulting binary. SBAT (Secure Boot Advanced Targeting) metadata is what boot-chain verifiers such
 * as shim consult for generation-based revocation; a build without SBAT_DISTRO carries no such
 * section. Nothing in this file references the object.
 * NOTE(review): _used_ presumably keeps the otherwise unreferenced object from being discarded —
 * confirm against its definition. */
#if defined(SBAT_DISTRO)
static const char sbat[] _used_ _section_(".sbat") = SBAT_SECTION_TEXT;
#endif
36