Optionally allow to keep shim protocol installed

If the SHIM_RETAIN_PROTOCOL variable is set, avoid uninstalling our
protocol.
For example, this allows sd-stub in a UKI to use the shim protocol to
validate PE binaries, even if it is executed by a second stage, before
the kernel is loaded.
Ensure that the variable is volatile and for BootServices access.

Example use case in sd-boot/sd-stub:

systemd/systemd#27358

Signed-off-by: Luca Boccassi <bluca@debian.org>

replacements.c

@@ -78,8 +78,25 @@ replacement_start_image(EFI_HANDLE image_handle, UINTN *exit_data_size, CHAR16 *
 	unhook_system_services();
 
 	if (image_handle == last_loaded_image) {
+		UINT8 *data = NULL;
+		UINTN dataSize = 0;
+		UINT32 attrs = 0;
+
 		loader_is_participating = 1;
-		uninstall_shim_protocols();
+
+		/* If a boot component asks us, keep our protocol around - it will be used to
+		 * validate further PE payloads (e.g.: by the UKI stub, before the kernel is booted).
+		 * But also check that the variable was set by a boot component, to ensure that
+		 * nobody at runtime can attempt to change shim's behaviour. */
+		efi_status = get_variable_attr(SHIM_RETAIN_PROTOCOL_VAR_NAME, &data, &dataSize,
+					       SHIM_LOCK_GUID, &attrs);
+		if (EFI_ERROR(efi_status) ||
+				(attrs & EFI_VARIABLE_NON_VOLATILE) ||
+				!(attrs & EFI_VARIABLE_BOOTSERVICE_ACCESS)) {
+			uninstall_shim_protocols();
+		} else {
+			FreePool(data);
+		}
 	}
 	efi_status = BS->StartImage(image_handle, exit_data_size, exit_data);
 	if (EFI_ERROR(efi_status)) {

shim.h

@@ -305,6 +305,8 @@ verify_buffer (char *data, int datasize,
 #define DEBUG_VAR_NAME L"SHIM_DEBUG"
 #endif
 
+#define SHIM_RETAIN_PROTOCOL_VAR_NAME L"SHIM_RETAIN_PROTOCOL"
+
 char *translate_slashes(char *out, const char *str);
 
 #endif /* SHIM_H_ */