Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE12
shim
shim-fix-verify-mok.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File shim-fix-verify-mok.patch of Package shim
commit 11495d4019d44dce1487939f91f7d751ffbb9730 Author: Andrew Boie <andrew.p.boie@intel.com> Date: Mon Apr 15 14:11:17 2013 -0700 fix verify_mok() () Fix the return value semantics. If the MokList doesn't exist, we are OK. If the MokList was compromised but we were able to erase it, that is OK too. Only if the list can't be nuked do we return an error. () Fix use of potentially uninitialized attribute variable () Actually use the return value when called from verify_buffer. Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e Signed-off-by: Andrew Boie <andrew.p.boie@intel.com> diff --git a/shim.c b/shim.c index 23dd0ee..dcb36d0 100644 --- a/shim.c +++ b/shim.c @@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) { status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize, shim_lock_guid, &attributes); - if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) { + if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) { Print(L"MokList is compromised!\nErase all keys in MokList!\n"); if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) { Print(L"Failed to erase MokList\n"); + return EFI_ACCESS_DENIED; } - status = EFI_ACCESS_DENIED; - return status; } if (MokListData) @@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize, /* * Check that the MOK database hasn't been modified */ - verify_mok(); + status = verify_mok(); + if (status != EFI_SUCCESS) + return status; /* * Ensure that the binary isn't blacklisted
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor