#include "icns.h"
#include "menu.h"
#include "mok.h"
+#include "security_policy.h"
#include "../include/Handle.h"
#include "../include/refit_call_wrapper.h"
#include "driver_support.h"
#include "../include/syslinux_mbr.h"
-#ifdef __MAKEWITH_TIANO
-#include "../EfiLib/BdsHelper.h"
-#else
+#ifdef __MAKEWITH_GNUEFI
#define EFI_SECURITY_VIOLATION EFIERR (26)
-#endif // __MAKEWITH_TIANO
+#else
+#include "../EfiLib/BdsHelper.h"
+#endif // __MAKEWITH_GNUEFI
//
// variables
+// #ifdef EFIX64
+// foo
+// #endif
+
#define MACOSX_LOADER_PATH L"System\\Library\\CoreServices\\boot.efi"
#if defined (EFIX64)
#define SHELL_NAMES L"\\EFI\\tools\\shell.efi,\\EFI\\tools\\shellx64.efi,\\shellx64.efi"
L"Insert or F2 for more options; Esc to refresh" };
static REFIT_MENU_SCREEN AboutMenu = { L"About", NULL, 0, NULL, 0, NULL, 0, NULL, L"Press Enter to return to main menu", L"" };
-REFIT_CONFIG GlobalConfig = { FALSE, FALSE, 0, 0, 0, 20, 0, 0, GRAPHICS_FOR_OSX, LEGACY_TYPE_MAC, 0,
+REFIT_CONFIG GlobalConfig = { FALSE, FALSE, 0, 0, DONT_CHANGE_TEXT_MODE, 20, 0, 0, GRAPHICS_FOR_OSX, LEGACY_TYPE_MAC, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
{TAG_SHELL, TAG_APPLE_RECOVERY, TAG_MOK_TOOL, TAG_ABOUT, TAG_SHUTDOWN, TAG_REBOOT, 0, 0, 0, 0, 0 }};
if (AboutMenu.EntryCount == 0) {
AboutMenu.TitleImage = BuiltinIcon(BUILTIN_ICON_FUNC_ABOUT);
- AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.6.0.4");
+ AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.6.2.2");
AddMenuInfoLine(&AboutMenu, L"");
AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2006-2010 Christoph Pfisterer");
AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2012 Roderick W. Smith");
EFI_STATUS Status, ReturnStatus;
EFI_HANDLE ChildImageHandle;
EFI_LOADED_IMAGE *ChildLoadedImage = NULL;
- REFIT_FILE File;
- VOID *ImageData = NULL;
- UINTN ImageSize;
- REFIT_VOLUME *DeviceVolume = NULL;
UINTN DevicePathIndex;
CHAR16 ErrorInfo[256];
CHAR16 *FullLoadOptions = NULL;
- CHAR16 *loader = NULL;
- BOOLEAN UseMok = FALSE;
if (ErrorInStep != NULL)
*ErrorInStep = 0;
// set load options
if (LoadOptions != NULL) {
if (LoadOptionsPrefix != NULL) {
-// MergeStrings(&FullLoadOptions, LoadOptionsPrefix, 0);
MergeStrings(&FullLoadOptions, LoadOptions, L' ');
if (OSType == 'M') {
MergeStrings(&FullLoadOptions, L" ", 0);
// load the image into memory (and execute it, in the case of a shim/MOK image).
ReturnStatus = Status = EFI_NOT_FOUND; // in case the list is empty
for (DevicePathIndex = 0; DevicePaths[DevicePathIndex] != NULL; DevicePathIndex++) {
- // NOTE: Below commented-out line could be more efficient if the ReadFile() and
- // FindVolumeAndFilename() calls were moved earlier, but it doesn't work on my
+ // NOTE: Below commented-out line could be more efficient if file were read ahead of
+ // time and passed as a pre-loaded image to LoadImage(), but it doesn't work on my
// 32-bit Mac Mini or my 64-bit Intel box when launching a Linux kernel; the
// kernel returns a "Failed to handle fs_proto" error message.
// TODO: Track down the cause of this error and fix it, if possible.
// ImageData, ImageSize, &ChildImageHandle);
ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex],
NULL, 0, &ChildImageHandle);
- if (((Status == EFI_ACCESS_DENIED) || (Status == EFI_SECURITY_VIOLATION)) && (ShimLoaded())) {
- FindVolumeAndFilename(DevicePaths[DevicePathIndex], &DeviceVolume, &loader);
- if (DeviceVolume != NULL) {
- Status = ReadFile(DeviceVolume->RootDir, loader, &File, &ImageSize);
- ImageData = File.Buffer;
- } else {
- Status = EFI_NOT_FOUND;
- Print(L"Error: device volume not found!\n");
- } // if/else
- if (Status != EFI_NOT_FOUND) {
- ReturnStatus = Status = start_image(SelfImageHandle, loader, ImageData, ImageSize, FullLoadOptions,
- DeviceVolume, FileDevicePath(DeviceVolume->DeviceHandle, loader));
-// ReturnStatus = Status = start_image(SelfImageHandle, loader, ImageData, ImageSize, FullLoadOptions,
-// DeviceVolume, DevicePaths[DevicePathIndex]);
- }
- if (ReturnStatus == EFI_SUCCESS) {
- UseMok = TRUE;
- } // if
- } // if (UEFI SB failed; use shim)
if (ReturnStatus != EFI_NOT_FOUND) {
break;
}
goto bailout;
}
- if (!UseMok) {
- ReturnStatus = Status = refit_call3_wrapper(BS->HandleProtocol, ChildImageHandle, &LoadedImageProtocol,
- (VOID **) &ChildLoadedImage);
- if (CheckError(Status, L"while getting a LoadedImageProtocol handle")) {
- if (ErrorInStep != NULL)
- *ErrorInStep = 2;
- goto bailout_unload;
- }
- ChildLoadedImage->LoadOptions = (VOID *)FullLoadOptions;
- ChildLoadedImage->LoadOptionsSize = ((UINT32)StrLen(FullLoadOptions) + 1) * sizeof(CHAR16);
- // turn control over to the image
- // TODO: (optionally) re-enable the EFI watchdog timer!
-
- // close open file handles
- UninitRefitLib();
- ReturnStatus = Status = refit_call3_wrapper(BS->StartImage, ChildImageHandle, NULL, NULL);
- // control returns here when the child image calls Exit()
- SPrint(ErrorInfo, 255, L"returned from %s", ImageTitle);
- if (CheckError(Status, ErrorInfo)) {
- if (ErrorInStep != NULL)
- *ErrorInStep = 3;
- }
+ ReturnStatus = Status = refit_call3_wrapper(BS->HandleProtocol, ChildImageHandle, &LoadedImageProtocol,
+ (VOID **) &ChildLoadedImage);
+ if (CheckError(Status, L"while getting a LoadedImageProtocol handle")) {
+ if (ErrorInStep != NULL)
+ *ErrorInStep = 2;
+ goto bailout_unload;
+ }
+ ChildLoadedImage->LoadOptions = (VOID *)FullLoadOptions;
+ ChildLoadedImage->LoadOptionsSize = ((UINT32)StrLen(FullLoadOptions) + 1) * sizeof(CHAR16);
+ // turn control over to the image
+ // TODO: (optionally) re-enable the EFI watchdog timer!
- // re-open file handles
- ReinitRefitLib();
- } // if
+ // close open file handles
+ UninitRefitLib();
+ ReturnStatus = Status = refit_call3_wrapper(BS->StartImage, ChildImageHandle, NULL, NULL);
+
+ // control returns here when the child image calls Exit()
+ SPrint(ErrorInfo, 255, L"returned from %s", ImageTitle);
+ if (CheckError(Status, ErrorInfo)) {
+ if (ErrorInStep != NULL)
+ *ErrorInStep = 3;
+ }
+
+ // re-open file handles
+ ReinitRefitLib();
bailout_unload:
// unload the image, we don't care if it works or not...
- if (!UseMok)
- Status = refit_call1_wrapper(BS->UnloadImage, ChildImageHandle);
+ Status = refit_call1_wrapper(BS->UnloadImage, ChildImageHandle);
bailout:
MyFreePool(FullLoadOptions);
} // while
} // static VOID CleanUpLoaderList()
+// Returns FALSE if the specified file/volume matches the GlobalConfig.DontScanDirs
+// or GlobalConfig.DontScanVolumes specification, or if Path points to a volume
+// other than the one specified by Volume. Returns TRUE if none of these conditions
+// is true. Also reduces *Path to a path alone, with no volume specification.
+static BOOLEAN ShouldScan(REFIT_VOLUME *Volume, CHAR16 *Path) {
+ CHAR16 *VolName = NULL, *DontScanDir;
+ UINTN i = 0, VolNum;
+ BOOLEAN ScanIt = TRUE;
+
+ if (IsIn(Volume->VolName, GlobalConfig.DontScanVolumes)) {
+ Print(L"Not scanning volume %s\n", Volume->VolName);
+ PauseForKey();
+ return FALSE;
+ }
+
+ while ((DontScanDir = FindCommaDelimited(GlobalConfig.DontScanDirs, i++)) && ScanIt) {
+ SplitVolumeAndFilename(&DontScanDir, &VolName);
+ CleanUpPathNameSlashes(DontScanDir);
+ if (VolName != NULL) {
+ if ((StriCmp(VolName, Volume->VolName) == 0) && (StriCmp(DontScanDir, Path)))
+ ScanIt = FALSE;
+ if ((VolName[0] == L'f') && (VolName[1] == L's') && (VolName[2] >= L'0') && (VolName[2] <= '9')) {
+ VolNum = Atoi(VolName + 2);
+ if ((VolNum == Volume->VolNumber) && (StriCmp(DontScanDir, Path)))
+ ScanIt = FALSE;
+ }
+ } else {
+ if (StriCmp(DontScanDir, Path) == 0)
+ ScanIt = FALSE;
+ }
+ MyFreePool(DontScanDir);
+ DontScanDir = NULL;
+ }
+ return ScanIt;
+} // BOOLEAN ShouldScan()
+
// Scan an individual directory for EFI boot loader files and, if found,
// add them to the list. Sorts the entries within the loader directory
// so that the most recent one appears first in the list.
if ((!SelfDirPath || !Path || ((StriCmp(Path, SelfDirPath) == 0) && (Volume->DeviceHandle != SelfVolume->DeviceHandle)) ||
(StriCmp(Path, SelfDirPath) != 0)) &&
- (!IsIn(Path, GlobalConfig.DontScanDirs)) &&
- (!IsIn(Volume->VolName, GlobalConfig.DontScanVolumes))) {
+ (ShouldScan(Volume, Path))) {
+// (!IsIn(Path, GlobalConfig.DontScanDirs)) &&
+// (!IsIn(Volume->VolName, GlobalConfig.DontScanVolumes))) {
// look through contents of the directory
DirIterOpen(Volume->RootDir, Path, &DirIter);
while (DirIterNext(&DirIter, 2, Pattern, &DirEntry)) {
} /* static LEGACY_ENTRY * AddLegacyEntry() */
-#ifdef __MAKEWITH_TIANO
+#ifdef __MAKEWITH_GNUEFI
+static VOID ScanLegacyUEFI(IN UINTN DiskType){}
+#else
// default volume badge icon based on disk kind
static EG_IMAGE * GetDiskBadge(IN UINTN DiskType) {
EG_IMAGE * Badge = NULL;
Index++;
}
} /* static VOID ScanLegacyUEFI() */
-#else
-static VOID ScanLegacyUEFI(IN UINTN DiskType){}
-#endif // __MAKEWITH_TIANO
+#endif // __MAKEWITH_GNUEFI
static VOID ScanLegacyVolume(REFIT_VOLUME *Volume, UINTN VolumeIndex) {
UINTN VolumeIndex2;
GlobalConfig.LegacyType = LEGACY_TYPE_NONE;
// UEFI-style legacy BIOS support is available only with the TianoCore EDK2
- // build environment, and then only with some implementations....
+ // build environment, and then only with some EFI implementations....
#ifdef __MAKEWITH_TIANO
Status = gBS->LocateProtocol (&gEfiLegacyBootProtocolGuid, NULL, (VOID **) &LegacyBios);
if (!EFI_ERROR (Status))
SetupScreen();
} // VOID RescanAll()
-#ifndef __MAKEWITH_GNUEFI
+#ifdef __MAKEWITH_TIANO
// Minimal initialization function
static VOID InitializeLib(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable) {
#endif
+// Set up our own Secure Boot extensions....
+// Returns TRUE on success, FALSE otherwise
+static BOOLEAN SecureBootSetup(VOID) {
+ EFI_STATUS Status;
+ BOOLEAN Success = FALSE;
+
+ if (secure_mode() && ShimLoaded()) {
+ Status = security_policy_install();
+ if (Status == EFI_SUCCESS) {
+ Success = TRUE;
+ } else {
+ Print(L"Failed to install MOK Secure Boot extensions");
+ }
+ }
+ return Success;
+} // VOID SecureBootSetup()
+
+// Remove our own Secure Boot extensions....
+// Returns TRUE on success, FALSE otherwise
+static BOOLEAN SecureBootUninstall(VOID) {
+ EFI_STATUS Status;
+ BOOLEAN Success = TRUE;
+
+ if (secure_mode()) {
+ Status = security_policy_uninstall();
+ if (Status != EFI_SUCCESS) {
+ Success = FALSE;
+ BeginTextScreen(L"Secure Boot Policy Failure");
+ Print(L"Failed to uninstall MOK Secure Boot extensions; forcing a reboot.");
+ PauseForKey();
+ refit_call4_wrapper(RT->ResetSystem, EfiResetCold, EFI_SUCCESS, 0, NULL);
+ }
+ }
+ return Success;
+} // VOID SecureBootUninstall
+
//
// main entry point
//
{
EFI_STATUS Status;
BOOLEAN MainLoopRunning = TRUE;
+ BOOLEAN MokProtocol;
REFIT_MENU_ENTRY *ChosenEntry;
UINTN MenuExit, i;
CHAR16 *Selection;
// bootstrap
InitializeLib(ImageHandle, SystemTable);
- InitScreen();
Status = InitRefitLib(ImageHandle);
if (EFI_ERROR(Status))
return Status;
if (GlobalConfig.LegacyType == LEGACY_TYPE_MAC)
CopyMem(GlobalConfig.ScanFor, "ihebocm ", NUM_SCAN_OPTIONS);
ReadConfig(CONFIG_FILE_NAME);
+
+ InitScreen();
WarnIfLegacyProblems();
MainMenu.TimeoutSeconds = GlobalConfig.Timeout;
// further bootstrap (now with config available)
SetupScreen();
+ MokProtocol = SecureBootSetup();
ScanVolumes();
LoadDrivers();
ScanForBootloaders();
case TAG_LEGACY_UEFI: // Boot a legacy OS on a non-Mac
StartLegacyUEFI((LEGACY_ENTRY *)ChosenEntry);
break;
-#endif // __MAKEWITH_TIANO
+#endif
case TAG_TOOL: // Start a EFI tool
StartTool((LOADER_ENTRY *)ChosenEntry);
break;
case TAG_EXIT: // Terminate rEFInd
- BeginTextScreen(L" ");
- return EFI_SUCCESS;
+ if ((MokProtocol) && !SecureBootUninstall()) {
+ MainLoopRunning = FALSE; // just in case we get this far
+ } else {
+ BeginTextScreen(L" ");
+ return EFI_SUCCESS;
+ }
break;
} // switch()