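/*-
 * Copyright (c) 2019 Stormshield.
 * Copyright (c) 2019 Semihalf.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/cdefs.h>
#define NEED_BRSSL_H
#include "../libsecureboot-priv.h"
#include <brssl.h>

/*
 * Import the certificate and digest lists exposed by the EFI helpers into
 * the verifier: trusted certificates become trust anchors, forbidden
 * certificates become forbidden anchors, and forbidden digests are added
 * to the forbidden digest list.
 *
 * The import runs at most once; later calls return immediately.  Nothing
 * is imported unless efi_secure_boot_enabled() returns a positive value.
 */
void
ve_efi_init(void)
{
	br_x509_certificate *xcs;
	hash_data *digests;
	size_t loaded;
	int result;
	static int once = 0;

	if (once > 0)
		return;

	/*
	 * Latched before the secure boot query, so a query that fails on
	 * the first call is never retried by a later call.
	 */
	once = 1;

	/*
	 * Both "not enabled" and any non-positive result skip the import,
	 * which also skips the forbidden lists.
	 * NOTE(review): presumably a negative value means the state could
	 * not be read -- confirm that callers treat that case safely.
	 */
	result = efi_secure_boot_enabled();
	if (result <= 0)
		return;

	/*
	 * The count is zeroed before every getter call so that a getter
	 * which fails without storing a count cannot leave a stale or
	 * indeterminate value in the checks below.
	 */
	loaded = 0;
	xcs = efi_get_trusted_certs(&loaded);
	if (loaded > 0 && xcs != NULL) {
		/*
		 * Free with the number of certificates that were loaded,
		 * not the number the add call reports: if fewer anchors
		 * are added than were loaded, the remaining certificates
		 * must still be released.
		 */
		(void)ve_trust_anchors_add(xcs, loaded);
		free_certificates(xcs, loaded);
	}

	loaded = 0;
	xcs = efi_get_forbidden_certs(&loaded);
	if (loaded > 0 && xcs != NULL) {
		/*
		 * NOTE(review): the add result is not examined, so a
		 * forbidden list that is only partly imported goes
		 * unreported here.
		 */
		(void)ve_forbidden_anchors_add(xcs, loaded);
		free_certificates(xcs, loaded);
	}

	loaded = 0;
	digests = efi_get_forbidden_digests(&loaded);
	if (loaded > 0 && digests != NULL) {
		ve_forbidden_digest_add(digests, loaded);
		/*
		 * Don't free the buffers for digests,
		 * since they are shallow copied; only the
		 * array that held the entries is released.
		 */
		xfree(digests);
	}
}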