stackoom
  简体   繁体   中英

Is there any way to find out if secure boot is enabled from uefi shell?

 原文  2018-05-06 14:58:46       shell/ security/ uefi

Question

So, my question is in title. I know I can parse nvram variables, but didn't find, where enable flag is stored. If there is any another way, I'll glad to know, how to resolve my problem.

1 answers

solution1
 2 ACCPTED  2018-05-07 14:52:29

UEFI SecureBoot has an indicator variable called "SecureBoot" of EfiGlobalVariable GUID. It has a value of 0x01 (UINT8) iff SecureBoot is enabled.

You should also check "SetupMode" variable of the same GUID to have a value of 0x00 (UINT8), this indicates that PK, KEK and db are indeed ready and can't be replaced without authentication.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Run a UEFI shell command from inside UEFI application Source from string? Is there any way in shell? Is there any way to open a login shell from a shell script file? Is there any way to find out an argument passed to a jar was quoted? Shell implementation: signal handling: Any way to return early from wait()? Unix - Shell script to find a file from any directory and move it How to create a temporary file with portable shell in a secure way? Correct and secure way to have PHP execute a shell script How to rewrite a file from a shell script without any danger of truncating the file if out of disk space? Find out which shell PHP is using
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM