/*
 *  VAS_EBOOT  --  GRand Unified Bootloader
 *  Copyright (C) 2020  Free Software Foundation, Inc.
 *
 *  VAS_EBOOT is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  VAS_EBOOT is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with VAS_EBOOT.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

/*
 * NOTE(review): the header names of the five directives below are missing
 * on this page (the angle-bracketed text did not survive extraction).
 * Restore them from the project tree before building.
 */
#include
#include
#include
#include
#include

/*
 * Process-wide lockdown state.  It starts out disabled and the only
 * assignment in this file is the one in VasEBoot_lockdown(), which enables
 * it; nothing here switches it back.
 */
static int lockdown = VAS_EBOOT_LOCKDOWN_DISABLED;

/*
 * Verifier "init" hook: decide, from the file type alone, whether a file
 * being opened needs authentication while lockdown is active.
 *
 *   io       unused.
 *   type     file type as passed by the caller; only the bits selected by
 *            VAS_EBOOT_FILE_TYPE_MASK are examined.
 *   context  unused; this verifier keeps no per-file state.
 *   flags    out parameter, always written before returning.
 *
 * Always returns VAS_EBOOT_ERR_NONE; the decision is carried in *flags only.
 *
 * Security note: this is a deny-list.  Only the types enumerated below get
 * VAS_EBOOT_VERIFY_FLAGS_DEFER_AUTH; every other type, including any type
 * added to the enum later, ends up with
 * VAS_EBOOT_VERIFY_FLAGS_SKIP_VERIFICATION.  A new file type that can carry
 * executable code or platform configuration therefore has to be added to
 * this list explicitly.
 */
static VasEBoot_err_t
lockdown_verifier_init (VasEBoot_file_t io __attribute__ ((unused)),
			enum VasEBoot_file_type type,
			void **context __attribute__ ((unused)),
			enum VasEBoot_verify_flags *flags)
{
  switch (type & VAS_EBOOT_FILE_TYPE_MASK)
    {
    /* Bootloader modules, kernels and hypervisors.  */
    case VAS_EBOOT_FILE_TYPE_VAS_EBOOT_MODULE:
    case VAS_EBOOT_FILE_TYPE_LINUX_KERNEL:
    case VAS_EBOOT_FILE_TYPE_MULTIBOOT_KERNEL:
    case VAS_EBOOT_FILE_TYPE_XEN_HYPERVISOR:
    case VAS_EBOOT_FILE_TYPE_BSD_KERNEL:
    case VAS_EBOOT_FILE_TYPE_XNU_KERNEL:
    case VAS_EBOOT_FILE_TYPE_PLAN9_KERNEL:
    /* Other loaders and chainloaded images.  */
    case VAS_EBOOT_FILE_TYPE_NTLDR:
    case VAS_EBOOT_FILE_TYPE_TRUECRYPT:
    case VAS_EBOOT_FILE_TYPE_FREEDOS:
    case VAS_EBOOT_FILE_TYPE_PXECHAINLOADER:
    case VAS_EBOOT_FILE_TYPE_PCCHAINLOADER:
    case VAS_EBOOT_FILE_TYPE_COREBOOT_CHAINLOADER:
    case VAS_EBOOT_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
    /* Platform description tables and fonts.  */
    case VAS_EBOOT_FILE_TYPE_ACPI_TABLE:
    case VAS_EBOOT_FILE_TYPE_DEVICE_TREE_IMAGE:
    case VAS_EBOOT_FILE_TYPE_FONT:
      /*
       * NOTE(review): presumably DEFER_AUTH means some other registered
       * verifier has to authenticate the file -- confirm against the
       * verifier framework, which is not shown here.
       */
      *flags = VAS_EBOOT_VERIFY_FLAGS_DEFER_AUTH;
      break;

    default:
      /* Everything not listed above is left unverified by this verifier.  */
      *flags = VAS_EBOOT_VERIFY_FLAGS_SKIP_VERIFICATION;
      break;
    }

  return VAS_EBOOT_ERR_NONE;
}

/*
 * The lockdown verifier.  Only the name and the init hook are set; the
 * remaining members are left zero-initialised.
 */
struct VasEBoot_file_verifier lockdown_verifier =
  {
    .name = "lockdown_verifier",
    .init = lockdown_verifier_init,
  };

/*
 * Enable lockdown: record the state, register the lockdown verifier and
 * publish the state as the "lockdown" environment variable (set to "y" and
 * exported).
 *
 * The environment variable is informational: VasEBoot_is_lockdown() reads
 * the static state above, not the variable, so changing the variable later
 * does not change what that function reports.
 *
 * NOTE(review): any status returned by the register/set/export calls is not
 * checked here, and every call to this function registers lockdown_verifier
 * again -- confirm that callers invoke it at most once or that
 * VasEBoot_verifier_register tolerates repeated registration.
 */
void
VasEBoot_lockdown (void)
{
  lockdown = VAS_EBOOT_LOCKDOWN_ENABLED;

  VasEBoot_verifier_register (&lockdown_verifier);

  VasEBoot_env_set ("lockdown", "y");
  VasEBoot_env_export ("lockdown");
}

/*
 * Report the current lockdown state: VAS_EBOOT_LOCKDOWN_DISABLED until
 * VasEBoot_lockdown() has run, VAS_EBOOT_LOCKDOWN_ENABLED afterwards.
 */
int
VasEBoot_is_lockdown (void)
{
  return lockdown;
}