[efi] Add definitions for the UEFI shim lock protocol

The UEFI shim includes a "shim lock protocol" that can be used by a third party second stage loader such as GRUB to verify a kernel image. Add definitions for the relevant portions of this protocol interface. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2023-05-22 14:07:26 +01:00 · 2023-05-22 14:07:26 +01:00 · 3c214f0465
parent ce2200d5fb
commit 3c214f0465
4 changed files with 39 additions and 0 deletions
--- a/src/include/ipxe/efi/Protocol/ShimLock.h
+++ b/src/include/ipxe/efi/Protocol/ShimLock.h
@ -0,0 +1,31 @@
+#ifndef _IPXE_EFI_SHIM_LOCK_PROTOCOL_H
+#define _IPXE_EFI_SHIM_LOCK_PROTOCOL_H
+
+/** @file
+ *
+ * EFI "shim lock" protocol
+ *
+ */
+
+FILE_LICENCE ( BSD3 );
+
+#define EFI_SHIM_LOCK_PROTOCOL_GUID					\
+	{ 0x605dab50, 0xe046, 0x4300,					\
+	{ 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } }
+
+#define SHIMAPI __asmcall
+
+typedef
+EFI_STATUS SHIMAPI
+(*EFI_SHIM_LOCK_VERIFY) (
+  IN VOID *buffer,
+  IN UINT32 size
+  );
+
+typedef struct _EFI_SHIM_LOCK_PROTOCOL {
+  EFI_SHIM_LOCK_VERIFY Verify;
+  VOID *Reserved1;
+  VOID *Reserved2;
+} EFI_SHIM_LOCK_PROTOCOL;
+
+#endif /*_IPXE_EFI_SHIM_LOCK_PROTOCOL_H */
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@ -197,6 +197,7 @@ extern EFI_GUID efi_pci_io_protocol_guid;
 extern EFI_GUID efi_pci_root_bridge_io_protocol_guid;
 extern EFI_GUID efi_pxe_base_code_protocol_guid;
 extern EFI_GUID efi_serial_io_protocol_guid;
+extern EFI_GUID efi_shim_lock_protocol_guid;
 extern EFI_GUID efi_simple_file_system_protocol_guid;
 extern EFI_GUID efi_simple_network_protocol_guid;
 extern EFI_GUID efi_simple_pointer_protocol_guid;
--- a/src/interface/efi/efi_debug.c
+++ b/src/interface/efi/efi_debug.c
@ -143,6 +143,8 @@ static struct efi_well_known_guid efi_well_known_guids[] = {
 	  "PxeBaseCode" },
 	{ &efi_serial_io_protocol_guid,
 	  "SerialIo" },
+	{ &efi_shim_lock_protocol_guid,
+	  "ShimLock" },
 	{ &efi_simple_file_system_protocol_guid,
 	  "SimpleFileSystem" },
 	{ &efi_simple_network_protocol_guid,
--- a/src/interface/efi/efi_guid.c
+++ b/src/interface/efi/efi_guid.c
@ -54,6 +54,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/efi/Protocol/PciRootBridgeIo.h>
 #include <ipxe/efi/Protocol/PxeBaseCode.h>
 #include <ipxe/efi/Protocol/SerialIo.h>
+#include <ipxe/efi/Protocol/ShimLock.h>
 #include <ipxe/efi/Protocol/SimpleFileSystem.h>
 #include <ipxe/efi/Protocol/SimpleNetwork.h>
 #include <ipxe/efi/Protocol/SimplePointer.h>
@ -227,6 +228,10 @@ EFI_GUID efi_pxe_base_code_protocol_guid
 EFI_GUID efi_serial_io_protocol_guid
 	= EFI_SERIAL_IO_PROTOCOL_GUID;

+/** Shim lock protocol GUID */
+EFI_GUID efi_shim_lock_protocol_guid
+	= EFI_SHIM_LOCK_PROTOCOL_GUID;
+
 /** Simple file system protocol GUID */
 EFI_GUID efi_simple_file_system_protocol_guid
 	= EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID;