Only use acpi when secureboot if enabled in UEFI mode.

2024-07-22 02:34:18 +00:00 · 2021-02-04 13:36:26 +08:00 · 2021-02-04 13:36:26 +08:00 · b0208c8ce3
parent b1d5237041
commit b0208c8ce3
5 changed files with 35 additions and 1 deletions
--- a/GRUB2/MOD_SRC/grub-2.04/grub-core/ventoy/ventoy.c
+++ b/GRUB2/MOD_SRC/grub-2.04/grub-core/ventoy/ventoy.c
@ -36,6 +36,7 @@
 #include <grub/misc.h>
 #include <grub/kernel.h>
 #ifdef GRUB_MACHINE_EFI
+#include <grub/efi/api.h>
 #include <grub/efi/efi.h>
 #endif
 #include <grub/time.h>
@ -3370,6 +3371,36 @@ static grub_err_t ventoy_cmd_img_unhook_root(grub_extcmd_context_t ctxt, int arg
    return 0;
 }

+#ifdef GRUB_MACHINE_EFI
+static grub_err_t ventoy_cmd_check_secureboot_var(grub_extcmd_context_t ctxt, int argc, char **args)
+{
+    int ret = 1;
+    grub_uint8_t *var;
+    grub_size_t size;
+    grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+
+    (void)ctxt;
+    (void)argc;
+    (void)args;
+
+    var = grub_efi_get_variable("SecureBoot", &global, &size);
+    if (var && *var == 1)
+    {
+        return 0;
+    }
+    
+    return ret;
+}
+#else
+static grub_err_t ventoy_cmd_check_secureboot_var(grub_extcmd_context_t ctxt, int argc, char **args)
+{
+    (void)ctxt;
+    (void)argc;
+    (void)args;
+    return 1;
+}
+#endif
+
 static grub_err_t ventoy_cmd_acpi_param(grub_extcmd_context_t ctxt, int argc, char **args)
 {
    int i;
@ -4249,6 +4280,7 @@ static cmd_para ventoy_cmds[] =
    { "vt_img_hook_root", ventoy_cmd_img_hook_root, 0, NULL, "", "", NULL },
    { "vt_img_unhook_root", ventoy_cmd_img_unhook_root, 0, NULL, "", "", NULL },
    { "vt_acpi_param", ventoy_cmd_acpi_param, 0, NULL, "", "", NULL },
+    { "vt_check_secureboot_var", ventoy_cmd_check_secureboot_var, 0, NULL, "", "", NULL },

 };

--- a/INSTALL/grub/arm64-efi/true.mod
+++ b/INSTALL/grub/arm64-efi/true.mod
--- a/INSTALL/grub/grub.cfg
+++ b/INSTALL/grub/grub.cfg
@ -1224,7 +1224,9 @@ function vtoyboot_common_func {
                linux16 $vtoy_path/ipxe.krn ${vtdebug_flag} bios80  sector512  mem:${vtoy_chain_mem_addr}:size:${vtoy_chain_mem_size}   
                boot
            else
-                vt_acpi_param ${vtoy_chain_mem_addr} 512
+                if vt_check_secureboot_var; then
+                    vt_acpi_param ${vtoy_chain_mem_addr} 512
+                fi
                ventoy_cli_console
                chainloader ${vtoy_path}/ventoy_${VTOY_EFI_ARCH}.efi sector512 env_param=${ventoy_env_param} ${vtdebug_flag} mem:${vtoy_chain_mem_addr}:size:${vtoy_chain_mem_size}
                boot
--- a/INSTALL/grub/i386-efi/true.mod
+++ b/INSTALL/grub/i386-efi/true.mod
--- a/INSTALL/grub/x86_64-efi/true.mod
+++ b/INSTALL/grub/x86_64-efi/true.mod