+static VOID WarnSecureBootError(CHAR16 *Name, BOOLEAN Verbose) {
+ if (Name == NULL)
+ Name = L"the loader";
+
+ refit_call2_wrapper(ST->ConOut->SetAttribute, ST->ConOut, ATTR_ERROR);
+ Print(L"Secure Boot validation failure loading %s!\n", Name);
+ refit_call2_wrapper(ST->ConOut->SetAttribute, ST->ConOut, ATTR_BASIC);
+ if (Verbose && secure_mode()) {
+ Print(L"\nThis computer is configured with Secure Boot active, but\n%s has failed validation.\n", Name);
+ Print(L"\nYou can:\n * Launch another boot loader\n");
+ Print(L" * Disable Secure Boot in your firmware\n");
+ Print(L" * Sign %s with a machine owner key (MOK)\n", Name);
+ Print(L" * Use a MOK utility (often present on the second row) to add a MOK with which\n");
+ Print(L" %s has already been signed.\n", Name);
+ Print(L" * Use a MOK utility to register %s (\"enroll its hash\") without\n", Name);
+ Print(L" signing it.\n");
+ Print(L"\nSee http://www.rodsbooks.com/refind/secureboot.html for more information\n");
+ PauseForKey();
+ } // if
+} // VOID WarnSecureBootError()
+
+// Returns TRUE if this file is a valid EFI loader file, and is proper ARCH
+static BOOLEAN IsValidLoader(EFI_FILE *RootDir, CHAR16 *FileName) {
+ BOOLEAN IsValid = TRUE;
+#if defined (EFIX64) | defined (EFI32)
+ EFI_STATUS Status;
+ EFI_FILE_HANDLE FileHandle;
+ CHAR8 Header[512];
+ UINTN Size = sizeof(Header);
+
+ if ((RootDir == NULL) || (FileName == NULL)) {
+ // Assume valid here, because Macs produce NULL RootDir (& maybe FileName)
+ // when launching from a Firewire drive. This should be handled better, but
+ // fix would have to be in StartEFIImageList() and/or in FindVolumeAndFilename().
+ return TRUE;
+ } // if
+
+ Status = refit_call5_wrapper(RootDir->Open, RootDir, &FileHandle, FileName, EFI_FILE_MODE_READ, 0);
+ if (EFI_ERROR(Status))
+ return FALSE;
+
+ Status = refit_call3_wrapper(FileHandle->Read, FileHandle, &Size, Header);
+ refit_call1_wrapper(FileHandle->Close, FileHandle);
+
+ IsValid = !EFI_ERROR(Status) &&
+ Size == sizeof(Header) &&
+ ((Header[0] == 'M' && Header[1] == 'Z' &&
+ (Size = *(UINT32 *)&Header[0x3c]) < 0x180 &&
+ Header[Size] == 'P' && Header[Size+1] == 'E' &&
+ Header[Size+2] == 0 && Header[Size+3] == 0 &&
+ *(UINT16 *)&Header[Size+4] == EFI_STUB_ARCH) ||
+ (*(UINT32 *)&Header == FAT_ARCH));
+#endif
+ return IsValid;
+} // BOOLEAN IsValidLoader()
+
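Review bot: In IsValidLoader, the PE header offset read from the file at `Header[0x3c]` is file-supplied data that is then used as an array index, and the only thing keeping `Header[Size+4]` inside the 512-byte buffer is the unexplained `< 0x180` bound. The same expression reads fields through `*(UINT32 *)` and `*(UINT16 *)` casts on a `CHAR8` array at an offset that may be odd, which is an unaligned, type-punned access, and it reuses `Size` (the read length) as that offset. I would copy the fields into typed locals with `CopyMem`, keep the existing bound so the accepted set of files does not change, and comment why the bound is sufficient, as sketched below. Separately, the NULL-argument early return and any build without EFIX64/EFI32 both report TRUE, so the header comment should say that this function only inspects magic numbers and the machine type and is not a Secure Boot trust decision.

```c
    // … unchanged: NULL check, Open / Read / Close …

    IsValid = FALSE;
    if (!EFI_ERROR(Status) && (Size == sizeof(Header))) {
        UINT32 FatMagic, PeOffset;
        UINT16 Machine;

        // Copy multi-byte fields out of the byte buffer instead of casting into it.
        CopyMem(&FatMagic, Header, sizeof(FatMagic));
        CopyMem(&PeOffset, &Header[0x3c], sizeof(PeOffset));

        if (FatMagic == FAT_ARCH) {
            IsValid = TRUE;
        } else if ((Header[0] == 'M') && (Header[1] == 'Z') && (PeOffset < 0x180)) {
            // PeOffset comes from the file; the bound keeps the 4-byte PE signature
            // and the 2-byte machine field (PeOffset .. PeOffset+5) inside Header.
            CopyMem(&Machine, &Header[PeOffset + 4], sizeof(Machine));
            IsValid = (Header[PeOffset] == 'P') && (Header[PeOffset + 1] == 'E') &&
                      (Header[PeOffset + 2] == 0) && (Header[PeOffset + 3] == 0) &&
                      (Machine == EFI_STUB_ARCH);
        }
    }
    // … unchanged: #endif, return IsValid …
```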