#include "icns.h"
#include "menu.h"
#include "mok.h"
+#include "security_policy.h"
#include "../include/Handle.h"
#include "../include/refit_call_wrapper.h"
#include "driver_support.h"
#ifdef __MAKEWITH_TIANO
#include "../EfiLib/BdsHelper.h"
+#else
+#define EFI_SECURITY_VIOLATION EFIERR (26)
#endif // __MAKEWITH_TIANO
-//
+//
// variables
#define MACOSX_LOADER_PATH L"System\\Library\\CoreServices\\boot.efi"
#define SHELL_NAMES L"\\EFI\\tools\\shell.efi,\\EFI\\tools\\shellx64.efi,\\shellx64.efi"
#define DRIVER_DIRS L"drivers,drivers_x64"
#elif defined (EFI32)
-#define SHELL_NAMES L"\\EFI\\tools\\shell.efi,\\EFI\\tools\shellia32.efi,\\shellia32.efi"
+#define SHELL_NAMES L"\\EFI\\tools\\shell.efi,\\EFI\\tools\\shellia32.efi,\\shellia32.efi"
#define DRIVER_DIRS L"drivers,drivers_ia32"
#else
#define SHELL_NAMES L"\\EFI\\tools\\shell.efi"
L"Insert or F2 for more options; Esc to refresh" };
static REFIT_MENU_SCREEN AboutMenu = { L"About", NULL, 0, NULL, 0, NULL, 0, NULL, L"Press Enter to return to main menu", L"" };
-REFIT_CONFIG GlobalConfig = { FALSE, FALSE, 0, 0, 0, 20, 0, 0, GRAPHICS_FOR_OSX, LEGACY_TYPE_MAC, 0,
+REFIT_CONFIG GlobalConfig = { FALSE, FALSE, 0, 0, DONT_CHANGE_TEXT_MODE, 20, 0, 0, GRAPHICS_FOR_OSX, LEGACY_TYPE_MAC, 0,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
{TAG_SHELL, TAG_APPLE_RECOVERY, TAG_MOK_TOOL, TAG_ABOUT, TAG_SHUTDOWN, TAG_REBOOT, 0, 0, 0, 0, 0 }};
if (AboutMenu.EntryCount == 0) {
AboutMenu.TitleImage = BuiltinIcon(BUILTIN_ICON_FUNC_ABOUT);
- AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.6.0.2");
+ AddMenuInfoLine(&AboutMenu, L"rEFInd Version 0.6.1.3");
AddMenuInfoLine(&AboutMenu, L"");
AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2006-2010 Christoph Pfisterer");
AddMenuInfoLine(&AboutMenu, L"Copyright (c) 2012 Roderick W. Smith");
EFI_STATUS Status, ReturnStatus;
EFI_HANDLE ChildImageHandle;
EFI_LOADED_IMAGE *ChildLoadedImage = NULL;
- REFIT_FILE File;
- VOID *ImageData = NULL;
- UINTN ImageSize;
- REFIT_VOLUME *DeviceVolume = NULL;
UINTN DevicePathIndex;
CHAR16 ErrorInfo[256];
CHAR16 *FullLoadOptions = NULL;
- CHAR16 *loader = NULL;
- BOOLEAN UseMok = FALSE;
if (ErrorInStep != NULL)
*ErrorInStep = 0;
// set load options
if (LoadOptions != NULL) {
if (LoadOptionsPrefix != NULL) {
-// MergeStrings(&FullLoadOptions, LoadOptionsPrefix, 0);
MergeStrings(&FullLoadOptions, LoadOptions, L' ');
if (OSType == 'M') {
MergeStrings(&FullLoadOptions, L" ", 0);
// load the image into memory (and execute it, in the case of a shim/MOK image).
ReturnStatus = Status = EFI_NOT_FOUND; // in case the list is empty
for (DevicePathIndex = 0; DevicePaths[DevicePathIndex] != NULL; DevicePathIndex++) {
- // NOTE: Below commented-out line could be more efficient if the ReadFile() and
- // FindVolumeAndFilename() calls were moved earlier, but it doesn't work on my
+ // NOTE: Below commented-out line could be more efficient iffile were read ahead of
+ // time and passed as a pre-loaded image to LoadImage(), but it doesn't work on my
// 32-bit Mac Mini or my 64-bit Intel box when launching a Linux kernel; the
// kernel returns a "Failed to handle fs_proto" error message.
// TODO: Track down the cause of this error and fix it, if possible.
// ImageData, ImageSize, &ChildImageHandle);
ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex],
NULL, 0, &ChildImageHandle);
- if ((Status == EFI_ACCESS_DENIED) && (ShimLoaded())) {
- FindVolumeAndFilename(DevicePaths[DevicePathIndex], &DeviceVolume, &loader);
- if (DeviceVolume != NULL) {
- Status = ReadFile(DeviceVolume->RootDir, loader, &File, &ImageSize);
- ImageData = File.Buffer;
- } else {
- Status = EFI_NOT_FOUND;
- Print(L"Error: device volume not found!\n");
- } // if/else
- if (Status != EFI_NOT_FOUND) {
- ReturnStatus = Status = start_image(SelfImageHandle, loader, ImageData, ImageSize, FullLoadOptions,
- DeviceVolume, FileDevicePath(DeviceVolume->DeviceHandle, loader));
-// ReturnStatus = Status = start_image(SelfImageHandle, loader, ImageData, ImageSize, FullLoadOptions,
-// DeviceVolume, DevicePaths[DevicePathIndex]);
- }
- if (ReturnStatus == EFI_SUCCESS) {
- UseMok = TRUE;
- } // if
- } // if (UEFI SB failed; use shim)
if (ReturnStatus != EFI_NOT_FOUND) {
break;
}
goto bailout;
}
- if (!UseMok) {
- ReturnStatus = Status = refit_call3_wrapper(BS->HandleProtocol, ChildImageHandle, &LoadedImageProtocol,
- (VOID **) &ChildLoadedImage);
- if (CheckError(Status, L"while getting a LoadedImageProtocol handle")) {
- if (ErrorInStep != NULL)
- *ErrorInStep = 2;
- goto bailout_unload;
- }
- ChildLoadedImage->LoadOptions = (VOID *)FullLoadOptions;
- ChildLoadedImage->LoadOptionsSize = ((UINT32)StrLen(FullLoadOptions) + 1) * sizeof(CHAR16);
- // turn control over to the image
- // TODO: (optionally) re-enable the EFI watchdog timer!
-
- // close open file handles
- UninitRefitLib();
- ReturnStatus = Status = refit_call3_wrapper(BS->StartImage, ChildImageHandle, NULL, NULL);
- // control returns here when the child image calls Exit()
- SPrint(ErrorInfo, 255, L"returned from %s", ImageTitle);
- if (CheckError(Status, ErrorInfo)) {
- if (ErrorInStep != NULL)
- *ErrorInStep = 3;
- }
+ ReturnStatus = Status = refit_call3_wrapper(BS->HandleProtocol, ChildImageHandle, &LoadedImageProtocol,
+ (VOID **) &ChildLoadedImage);
+ if (CheckError(Status, L"while getting a LoadedImageProtocol handle")) {
+ if (ErrorInStep != NULL)
+ *ErrorInStep = 2;
+ goto bailout_unload;
+ }
+ ChildLoadedImage->LoadOptions = (VOID *)FullLoadOptions;
+ ChildLoadedImage->LoadOptionsSize = ((UINT32)StrLen(FullLoadOptions) + 1) * sizeof(CHAR16);
+ // turn control over to the image
+ // TODO: (optionally) re-enable the EFI watchdog timer!
- // re-open file handles
- ReinitRefitLib();
- } // if
+ // close open file handles
+ UninitRefitLib();
+ ReturnStatus = Status = refit_call3_wrapper(BS->StartImage, ChildImageHandle, NULL, NULL);
+
+ // control returns here when the child image calls Exit()
+ SPrint(ErrorInfo, 255, L"returned from %s", ImageTitle);
+ if (CheckError(Status, ErrorInfo)) {
+ if (ErrorInStep != NULL)
+ *ErrorInStep = 3;
+ }
+
+ // re-open file handles
+ ReinitRefitLib();
bailout_unload:
// unload the image, we don't care if it works or not...
- if (!UseMok)
- Status = refit_call1_wrapper(BS->UnloadImage, ChildImageHandle);
+ Status = refit_call1_wrapper(BS->UnloadImage, ChildImageHandle);
bailout:
MyFreePool(FullLoadOptions);
// Sets a few defaults for a loader entry -- mainly the icon, but also the OS type
// code and shortcut letter. For Linux EFI stub loaders, also sets kernel options
// that will (with luck) work fairly automatically.
-VOID SetLoaderDefaults(LOADER_ENTRY *Entry, CHAR16 *LoaderPath, IN REFIT_VOLUME *Volume) {
+VOID SetLoaderDefaults(LOADER_ENTRY *Entry, CHAR16 *LoaderPath, REFIT_VOLUME *Volume) {
CHAR16 IconFileName[256];
- CHAR16 *FileName, *PathOnly, *OSIconName = NULL, *Temp;
+ CHAR16 *FileName, *PathOnly, *OSIconName = NULL, *Temp, *SubString;
CHAR16 ShortcutLetter = 0;
UINTN i, Length;
PathOnly = FindPath(LoaderPath);
// locate a custom icon for the loader
+ // Anything found here takes precedence over the "hints" in the OSIconName variable
StrCpy(IconFileName, LoaderPath);
ReplaceEfiExtension(IconFileName, L".icns");
if (FileExists(Volume->RootDir, IconFileName)) {
Entry->me.Image = Volume->VolIconImage;
} // icon matched to loader or volume
+ // Begin creating icon "hints" by using last part of directory path leading
+ // to the loader
Temp = FindLastDirName(LoaderPath);
MergeStrings(&OSIconName, Temp, L',');
MyFreePool(Temp);
ShortcutLetter = OSIconName[0];
}
- // Add the volume's label up to the first space, dash, or underscore (if present)
- // as a potential base for finding an icon
+ // Add every "word" in the volume label, delimited by spaces, dashes (-), or
+ // underscores (_), to the list of hints to be used in searching for OS
+ // icons.
if ((Volume->VolName) && (StrLen(Volume->VolName) > 0)) {
- Temp = StrDuplicate(Volume->VolName);
+ Temp = SubString = StrDuplicate(Volume->VolName);
if (Temp != NULL) {
- i = 0;
Length = StrLen(Temp);
- do {
- if ((Temp[i] == L' ') || (Temp[i] == L'_') || (Temp[i] == L'-'))
+ for (i = 0; i < Length; i++) {
+ if ((Temp[i] == L' ') || (Temp[i] == L'_') || (Temp[i] == L'-')) {
Temp[i] = 0;
- } while ((Temp[i] != 0) && (++i < Length));
- MergeStrings(&OSIconName, Temp, L',');
+ if (StrLen(SubString) > 0)
+ MergeStrings(&OSIconName, SubString, L',');
+ SubString = Temp + i + 1;
+ } // if
+ } // for
+ MergeStrings(&OSIconName, SubString, L',');
MyFreePool(Temp);
} // if
} // if
Entry->UseGraphicsMode = GlobalConfig.GraphicsFor & GRAPHICS_FOR_GRUB;
} else if (StriCmp(FileName, L"cdboot.efi") == 0 ||
StriCmp(FileName, L"bootmgr.efi") == 0 ||
- StriCmp(FileName, L"Bootmgfw.efi") == 0) {
+ StriCmp(FileName, L"bootmgfw.efi") == 0) {
MergeStrings(&OSIconName, L"win", L',');
Entry->OSType = 'W';
ShortcutLetter = 'W';
BDS_COMMON_OPTION *BdsOption;
LIST_ENTRY TempList;
BBS_BBS_DEVICE_PATH * BbsDevicePath = NULL;
-// REFIT_VOLUME Volume;
InitializeListHead (&TempList);
ZeroMem (Buffer, sizeof (Buffer));
#endif
+// Set up our own Secure Boot extensions....
+// Returns TRUE on success, FALSE otherwise
+static BOOLEAN SecureBootSetup(VOID) {
+ EFI_STATUS Status;
+ BOOLEAN Success = FALSE;
+
+ if (secure_mode()) {
+ Status = security_policy_install();
+ if (Status == EFI_SUCCESS) {
+ Success = TRUE;
+ } else {
+ Print(L"Failed to install MOK Secure Boot extensions");
+// PauseForKey();
+ }
+ }
+ return Success;
+} // VOID SecureBootSetup()
+
+// Remove our own Secure Boot extensions....
+// Returns TRUE on success, FALSE otherwise
+static BOOLEAN SecureBootUninstall(VOID) {
+ EFI_STATUS Status;
+ BOOLEAN Success = TRUE;
+
+ if (secure_mode()) {
+ Status = security_policy_uninstall();
+ if (Status != EFI_SUCCESS) {
+ Success = FALSE;
+ BeginTextScreen(L"Secure Boot Policy Failure");
+ Print(L"Failed to uninstall MOK Secure Boot extensions; forcing a reboot.");
+ PauseForKey();
+ refit_call4_wrapper(RT->ResetSystem, EfiResetCold, EFI_SUCCESS, 0, NULL);
+ }
+ }
+ return Success;
+} // VOID SecureBootUninstall
+
//
// main entry point
//
EFI_STATUS
EFIAPI
-efi_main (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
+efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
{
EFI_STATUS Status;
BOOLEAN MainLoopRunning = TRUE;
+ BOOLEAN MokProtocol;
REFIT_MENU_ENTRY *ChosenEntry;
UINTN MenuExit, i;
CHAR16 *Selection;
// bootstrap
InitializeLib(ImageHandle, SystemTable);
- InitScreen();
Status = InitRefitLib(ImageHandle);
if (EFI_ERROR(Status))
return Status;
if (GlobalConfig.LegacyType == LEGACY_TYPE_MAC)
CopyMem(GlobalConfig.ScanFor, "ihebocm ", NUM_SCAN_OPTIONS);
ReadConfig(CONFIG_FILE_NAME);
+
+ InitScreen();
WarnIfLegacyProblems();
MainMenu.TimeoutSeconds = GlobalConfig.Timeout;
// further bootstrap (now with config available)
SetupScreen();
+ MokProtocol = SecureBootSetup();
ScanVolumes();
LoadDrivers();
+ PauseForKey();
ScanForBootloaders();
ScanForTools();
break;
case TAG_EXIT: // Terminate rEFInd
- BeginTextScreen(L" ");
- return EFI_SUCCESS;
+ if ((MokProtocol) && !SecureBootUninstall()) {
+ MainLoopRunning = FALSE; // just in case we get this far
+ } else {
+ BeginTextScreen(L" ");
+ return EFI_SUCCESS;
+ }
break;
} // switch()