cb345da9fe
mokutil is a program to manipulate the machine owner keys (MOK). It sets up MOK requests, such as enroll and delete, and shim/MokManager shows the key information at the next boot. OBS-URL: https://build.opensuse.org/request/show/148524 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=1
commit b2602eee326c15df8d23baa44f9e9e3e8b6bad93
Author: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon Dec 3 17:45:41 2012 +0800
Probe the state of SecureBoot
diff --git a/src/mokutil.c b/src/mokutil.c
index 3707220..1c32828 100644
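--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -40,6 +40,7 @@ enum Command {
 COMMAND_PASSWORD,
 COMMAND_DISABLE_VALIDATION,
 COMMAND_ENABLE_VALIDATION,
+ COMMAND_SB_STATE,
 };
 
 static void
@@ -48,22 +49,33 @@ print_help ()
 printf("Usage:\n");
 printf("List the enrolled keys:\n");
 printf(" mokutil --list-enrolled\n\n");
+
 printf("List the keys to be enrolled:\n");
 printf(" mokutil --list-new\n\n");
+
 printf("Import keys:\n");
 printf(" mokutil --import <der file>...\n\n");
+
 printf("Request to delete all keys\n");
 printf(" mokutil --delete-all\n\n");
+
 printf("Revoke the request:\n");
 printf(" mokutil --revoke\n\n");
+
 printf("Export enrolled keys to files:\n");
 printf(" mokutil --export\n\n");
+
 printf("Set MOK password:\n");
 printf(" mokutil --password\n\n");
+
 printf("Disable signature validation:\n");
 printf(" mokutil --disable-validation\n\n");
+
 printf("Enable signature validation:\n");
 printf(" mokutil --enable-validation\n\n");
+
+ printf("SecureBoot State:\n");
+ printf(" mokutil --sb-state\n\n");
 }
 
 static int
@@ -709,7 +721,36 @@ enable_validation()
 {
 return set_validation(1);
 }
-
+
+static int
+sb_state ()
+{
+ efi_variable_t var;
+ char *state;
+
+ memset (&var, 0, sizeof(var));
+ var.VariableName = "SecureBoot";
+ var.VendorGuid = EFI_GLOBAL_VARIABLE;
+
+ if (read_variable (&var) != EFI_SUCCESS) {
+ fprintf (stderr, "Failed to read SecureBoot\n");
+ return -1;
+ }
+
+ state = (char *)var.Data;
+ if (*state == 1) {
+ printf ("SecureBoot enabled\n");
+ } else if (*state == 0) {
+ printf ("SecureBoot disabled\n");
+ } else {
+ printf ("SecureBoot unknown");
+ }
+
+ free (var.Data);
+
+ return 0;
+}
+
 int
 main (int argc, char *argv[])
 {
@@ -786,6 +827,10 @@ main (int argc, char *argv[])
 
 command = COMMAND_ENABLE_VALIDATION;
 
+ } else if (strcmp (argv[1], "--sb-state") == 0) {
+
+ command = COMMAND_SB_STATE;
+
 } else {
 fprintf (stderr, "Unknown argument: %s\n\n", argv[1]);
 print_help ();
@@ -820,6 +865,9 @@ main (int argc, char *argv[])
 case COMMAND_ENABLE_VALIDATION:
 enable_validation ();
 break;
+ case COMMAND_SB_STATE:
+ sb_state ();
+ break;
 default:
 fprintf (stderr, "Unknown command\n");
 break;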
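Review bot: In the new sb_state(), `*state` is read from var.Data without checking that the variable actually carries a byte, so a SecureBoot variable that read_variable() returns empty would be read out of bounds; a guard such as `if (var.Data == NULL || var.DataSize < 1) { free (var.Data); return -1; }` before the cast would cover that (the length field is not visible in this hunk, so confirm its name). The fallback branch prints `"SecureBoot unknown"` without the trailing `\n` that the other two messages have. In main's switch the result of `sb_state ();` is discarded, so unless code outside the hunk sets the exit status, a failed read presumably still exits as success, which matters for scripts that gate on this check. The firmware variable also says nothing about shim's own validation toggle (the `--disable-validation` request listed in print_help), so a comment on sb_state() should state that "SecureBoot enabled" reports the firmware state only and does not prove signatures are enforced for everything shim loads.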