Implement BlEfiGetSecureBootStatus() to get SecureBoot status

xtldr/efiutil.c

@@ -162,6 +162,38 @@ BlDbgPrint(IN PUINT16 Format,
     }
 }
 
+/**
+ * This routine checks whether SecureBoot is enabled or not.
+ *
+ * @return Numeric representation of SecureBoot status (0 = Disabled, >0 = Enabled, <0 SetupMode).
+ *
+ * @since XT 1.0
+ */
+INT_PTR
+BlEfiGetSecureBootStatus()
+{
+    EFI_GUID VarGuid = EFI_GLOBAL_VARIABLE_GUID;
+    INT_PTR SecureBootStatus = 0;
+    UCHAR VarValue = 0;
+    UINT_PTR Size;
+
+    Size = sizeof(VarValue);
+    if(EfiSystemTable->RuntimeServices->GetVariable(L"SecureBoot", &VarGuid,
+       NULL, &Size, &VarValue) == STATUS_EFI_SUCCESS)
+    {
+        SecureBootStatus = (INT_PTR)VarValue;
+
+        if((EfiSystemTable->RuntimeServices->GetVariable(L"SetupMode", &VarGuid,
+           NULL, &Size, &VarValue) == STATUS_EFI_SUCCESS) && VarValue != 0)
+        {
+            SecureBootStatus = -1;
+        }
+    }
+
+    /* Return SecureBoot status */
+    return SecureBootStatus;
+}
+
 /**
  * This routine allocates a pool memory.
  *

xtldr/includes/xtbl.h

@@ -19,6 +19,9 @@ EXTERN EFI_HANDLE EfiImageHandle;
 /* EFI System Table */
 EXTERN PEFI_SYSTEM_TABLE EfiSystemTable;
 
+/* EFI Secure Boot status */
+EXTERN INT_PTR EfiSecureBoot;
+
 /* Serial port configuration */
 EXTERN CPPORT EfiSerialPort;
 
@@ -44,6 +47,9 @@ VOID
 BlDbgPrint(IN PUINT16 Format,
            IN ...);
 
+INT_PTR
+BlEfiGetSecureBootStatus();
+
 EFI_STATUS
 BlEfiMemoryAllocatePool(IN UINT_PTR Size,
                         OUT PVOID *Memory);

xtldr/xtldr.c

@@ -308,6 +308,10 @@ BlStartXtLoader(IN EFI_HANDLE ImageHandle,
         BlDbgPrint(L"WARNING: Failed to disable watchdog timer\n");
     }
 
+    /* Check SecureBoot status */
+    EfiSecureBoot = BlEfiGetSecureBootStatus();
+    BlDbgPrint(L"SecureBoot status: %S\n", EfiSecureBoot == 0 ? L"DISABLED" : EfiSecureBoot > 0 ? L"ENABLED" : L"SETUP");
+
     /* Register loader protocol */
     Status = BlRegisterXtLoaderProtocol();
     if(Status != STATUS_EFI_SUCCESS)