From 09e58d0b67229814dcba86e056adb457cff29270 Mon Sep 17 00:00:00 2001 From: belliash Date: Wed, 12 Oct 2022 15:47:41 +0200 Subject: [PATCH] Implement BlEfiGetSecureBootStatus() to get SecureBoot status --- xtldr/efiutil.c | 32 ++++++++++++++++++++++++++++++++ xtldr/includes/xtbl.h | 6 ++++++ xtldr/xtldr.c | 4 ++++ 3 files changed, 42 insertions(+) diff --git a/xtldr/efiutil.c b/xtldr/efiutil.c index 3f06c72..c030649 100644 --- a/xtldr/efiutil.c +++ b/xtldr/efiutil.c @@ -162,6 +162,38 @@ BlDbgPrint(IN PUINT16 Format, } } +/** + * This routine checks whether SecureBoot is enabled or not. + * + * @return Numeric representation of SecureBoot status (0 = Disabled, >0 = Enabled, <0 SetupMode). + * + * @since XT 1.0 + */ +INT_PTR +BlEfiGetSecureBootStatus() +{ + EFI_GUID VarGuid = EFI_GLOBAL_VARIABLE_GUID; + INT_PTR SecureBootStatus = 0; + UCHAR VarValue = 0; + UINT_PTR Size; + + Size = sizeof(VarValue); + if(EfiSystemTable->RuntimeServices->GetVariable(L"SecureBoot", &VarGuid, + NULL, &Size, &VarValue) == STATUS_EFI_SUCCESS) + { + SecureBootStatus = (INT_PTR)VarValue; + + if((EfiSystemTable->RuntimeServices->GetVariable(L"SetupMode", &VarGuid, + NULL, &Size, &VarValue) == STATUS_EFI_SUCCESS) && VarValue != 0) + { + SecureBootStatus = -1; + } + } + + /* Return SecureBoot status */ + return SecureBootStatus; +} + /** * This routine allocates a pool memory. * diff --git a/xtldr/includes/xtbl.h b/xtldr/includes/xtbl.h index 73327ed..6c929ca 100644 --- a/xtldr/includes/xtbl.h +++ b/xtldr/includes/xtbl.h @@ -19,6 +19,9 @@ EXTERN EFI_HANDLE EfiImageHandle; /* EFI System Table */ EXTERN PEFI_SYSTEM_TABLE EfiSystemTable; +/* EFI Secure Boot status */ +EXTERN INT_PTR EfiSecureBoot; + /* Serial port configuration */ EXTERN CPPORT EfiSerialPort; @@ -44,6 +47,9 @@ VOID BlDbgPrint(IN PUINT16 Format, IN ...); +INT_PTR +BlEfiGetSecureBootStatus(); + EFI_STATUS BlEfiMemoryAllocatePool(IN UINT_PTR Size, OUT PVOID *Memory); 
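Review bot: In `BlEfiGetSecureBootStatus()` every failure of the first `GetVariable` call falls through to the initial value 0, so a caller cannot distinguish firmware that reports SecureBoot as disabled from a read that failed for any other reason; if a later policy decision is ever based on this value, that ambiguity should be resolved or at least stated in the header comment, e.g. `@return ... 0 = Disabled or status could not be read`. `Size` is an in/out argument that the first call overwrites with the returned data length, and it is reused for the `SetupMode` read without being reset; adding `Size = sizeof(VarValue);` before the second call keeps the buffer length explicit. The same `VarValue` byte is reused for both reads, which is fine here only because `SecureBootStatus` is assigned before the second call.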
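Review bot: The new `EXTERN INT_PTR EfiSecureBoot;` has no matching definition anywhere in this patch: the diffstat lists only four inserted lines in xtldr.c, and all four are inside `BlStartXtLoader`. Unless `EXTERN` expands to more than a plain extern declaration, or the definition lives in a file outside this commit, the assignment in xtldr.c would fail at link time. A definition such as `INT_PTR EfiSecureBoot;` in exactly one source file would be needed, and the comment here could state the encoding, e.g. `/* EFI Secure Boot status (<0 SetupMode, 0 disabled, >0 enabled) */`.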
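Review bot: The declaration `BlEfiGetSecureBootStatus();` uses an empty parameter list, which in C before C23 declares a function with unspecified arguments rather than one that takes none, so a call that passes arguments would not be diagnosed. Writing `BlEfiGetSecureBootStatus(VOID);` here and in the definition in efiutil.c makes it a real prototype. The neighbouring declarations in this header spell out their parameters, so an explicit `VOID` would match them.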
diff --git a/xtldr/xtldr.c b/xtldr/xtldr.c index 3dbeda0..3bc6e80 100644 --- a/xtldr/xtldr.c +++ b/xtldr/xtldr.c @@ -308,6 +308,10 @@ BlStartXtLoader(IN EFI_HANDLE ImageHandle, BlDbgPrint(L"WARNING: Failed to disable watchdog timer\n"); } + /* Check SecureBoot status */ + EfiSecureBoot = BlEfiGetSecureBootStatus(); + BlDbgPrint(L"SecureBoot status: %S\n", EfiSecureBoot == 0 ? L"DISABLED" : EfiSecureBoot > 0 ? L"ENABLED" : L"SETUP"); + /* Register loader protocol */ Status = BlRegisterXtLoaderProtocol(); if(Status != STATUS_EFI_SUCCESS)
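Review bot: The value stored in `EfiSecureBoot` is only passed to `BlDbgPrint` in this hunk, and nothing visible here changes loader behaviour based on it, so the comment should say that the status is informational at this point, e.g. `/* Cache SecureBoot status (<0 SetupMode, 0 disabled, >0 enabled); informational only */`. The nested conditional expression in the `BlDbgPrint` argument relies on the right-to-left associativity of `?:`; parenthesising the inner one, `EfiSecureBoot == 0 ? L"DISABLED" : (EfiSecureBoot > 0 ? L"ENABLED" : L"SETUP")`, makes the three-way mapping easier to audit. `BlStartXtLoader` begins and ends outside the hunk, so any later use of the variable cannot be seen from here.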