pqrascv-hardware 1.0.0-rc.5

Hardware-rooted trust and distributed verifier consensus for PQ-RASCV
//! EFI Secure Boot Collection
//!
//! Provides acquisition of EFI Secure Boot variables (e.g., `SecureBoot`,
//! `SetupMode`, `db`, `dbx`) from `/sys/firmware/efi/efivars`.

#![cfg(feature = "live-evidence")]

use crate::digest::TypedDigest;

/// Represents the collected state of EFI Secure Boot on the system.
///
/// The fields are plain public data and carry no provenance of their own.
/// A consumer that uses them as attestation evidence has to trust whatever
/// code populated them (see [`SecureBootCollector::collect`]).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SecureBootCollector {
    /// `true` when Secure Boot is reported as enabled (the `SecureBoot`
    /// EFI variable named in the module documentation).
    pub secure_boot_enabled: bool,
    /// `true` when the firmware is reported to be in setup mode (the
    /// `SetupMode` EFI variable).
    // NOTE(review): in setup mode no platform key is enrolled, so a verifier
    // should presumably treat `setup_mode == true` as untrusted regardless of
    // `secure_boot_enabled`. Confirm against the verifier policy.
    pub setup_mode: bool,
    /// Digest of the `db` (allowed signature database) variable, or `None`
    /// when no digest was collected.
    pub db_hash: Option<TypedDigest>,
    /// Digest of the `dbx` (forbidden signature database) variable, or `None`
    /// when no digest was collected.
    // NOTE(review): `None` cannot distinguish "variable absent" from "not
    // measured"; a verifier should not read it as proof that the revocation
    // list is current. Confirm how consumers interpret it.
    pub dbx_hash: Option<TypedDigest>,
}

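impl SecureBootCollector {
    /// Directory where Linux exposes UEFI variables through efivarfs.
    const EFIVARS_DIR: &'static str = "/sys/firmware/efi/efivars";
    /// `SecureBoot` variable file name (variable name plus vendor GUID).
    const SECURE_BOOT_VAR: &'static str = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c";
    /// `SetupMode` variable file name (variable name plus vendor GUID).
    const SETUP_MODE_VAR: &'static str = "SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c";

    /// Collects Secure Boot state from EFI variables.
    ///
    /// Reads the `SecureBoot` and `SetupMode` variables from efivarfs and
    /// reports what the firmware exposes. The previous stub returned
    /// `secure_boot_enabled: true` / `setup_mode: false` unconditionally,
    /// which made every host look compliant. This version fails closed:
    /// if a variable cannot be read or does not have the expected shape,
    /// no evidence is produced.
    ///
    /// # Errors
    ///
    /// Returns `Err` when either variable is missing or unreadable (for
    /// example on a non-UEFI boot or when efivarfs is not mounted), or when
    /// its content is not a single byte holding `0` or `1`.
    pub fn collect() -> Result<Self, &'static str> {
        let secure_boot_enabled = Self::read_flag(Self::SECURE_BOOT_VAR)?;
        let setup_mode = Self::read_flag(Self::SETUP_MODE_VAR)?;

        Ok(Self {
            secure_boot_enabled,
            setup_mode,
            // NOTE(review): the signature databases live at
            //   /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
            //   /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
            // Hashing them needs a `TypedDigest` constructor that is not
            // visible from this file, so both stay `None` ("not collected").
            // Verifiers must not read `None` as "database empty or current".
            db_hash: None,
            dbx_hash: None,
        })
    }

    /// Reads one boolean UEFI variable from efivarfs.
    ///
    /// efivarfs prefixes the variable payload with a 4-byte attribute word,
    /// so a one-byte variable is exactly five bytes on disk. Any other
    /// length, or a payload other than `0`/`1`, is rejected rather than
    /// coerced to a boolean.
    fn read_flag(var_name: &str) -> Result<bool, &'static str> {
        let path = std::path::Path::new(Self::EFIVARS_DIR).join(var_name);
        let raw = std::fs::read(path)
            .map_err(|_| "failed to read EFI Secure Boot variable from efivarfs")?;

        match raw.as_slice() {
            [_, _, _, _, 0] => Ok(false),
            [_, _, _, _, 1] => Ok(true),
            _ => Err("EFI Secure Boot variable has an unexpected size or value"),
        }
    }
}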