summaryrefslogtreecommitdiff
path: root/src/shared
diff options
context:
space:
mode:
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/efivars.c30
-rw-r--r--src/shared/efivars.h2
2 files changed, 32 insertions, 0 deletions
diff --git a/src/shared/efivars.c b/src/shared/efivars.c
index c42956f84d..4fb77428f2 100644
--- a/src/shared/efivars.c
+++ b/src/shared/efivars.c
@@ -34,6 +34,36 @@ bool is_efi_boot(void) {
return access("/sys/firmware/efi", F_OK) >= 0;
}
+static int read_flag(const char *varname) {
+ int r;
+ void *v;
+ size_t s;
+ uint8_t b;
+
+ r = efi_get_variable(EFI_VENDOR_GLOBAL, varname, NULL, &v, &s);
+ if (r < 0)
+ return r;
+
+ if (s != 1) {
+ r = -EINVAL;
+ goto finish;
+ }
+
+ b = *(uint8_t *)v;
+ r = b > 0;
+finish:
+ free(v);
+ return r;
+}
+
+int is_efi_secure_boot(void) {
+ return read_flag("SecureBoot");
+}
+
+int is_efi_secure_boot_setup_mode(void) {
+ return read_flag("SetupMode");
+}
+
int efi_get_variable(
sd_id128_t vendor,
const char *name,
diff --git a/src/shared/efivars.h b/src/shared/efivars.h
index 380e038f69..2b88c6075c 100644
--- a/src/shared/efivars.h
+++ b/src/shared/efivars.h
@@ -32,6 +32,8 @@
#define EFI_VENDOR_GLOBAL SD_ID128_MAKE(8b,e4,df,61,93,ca,11,d2,aa,0d,00,e0,98,03,2b,8c)
bool is_efi_boot(void);
+int is_efi_secure_boot(void);
+int is_efi_secure_boot_setup_mode(void);
int efi_get_variable(sd_id128_t vendor, const char *name, uint32_t *attribute, void **value, size_t *size);
int efi_get_variable_string(sd_id128_t vendor, const char *name, char **p);