shim: initialize OpenSSL after parsing SBAT data

A following patch will make shim to verify its .sbat section and it should be done before doing the OpenSSL initialization. But having the debugger attached may be useful at this point. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
author: Javier Martinez Canillas <javierm@redhat.com> 2021-02-18 01:12:49 +0100
committer: Peter Jones <pjones@redhat.com> 2021-02-19 14:28:10 -0500
commit: 1919b566b05cf4fb582acf4f137764abeefd6b29 (patch)
tree: 912ef37302bf58c361015ac35b7d5e6e7041455d
parent: 4c9654fb68dcdb0a489982570e4613f9fad2fc92 (diff)
download: efi-boot-shim-1919b566b05cf4fb582acf4f137764abeefd6b29.tar.gz
efi-boot-shim-1919b566b05cf4fb582acf4f137764abeefd6b29.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index a7ebaee1..749b6ece 100644
--- a/shim.c
+++ b/shim.c
@@ -1887,7 +1887,6 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	       vendor_authorized, vendor_authorized_size);
 	dprint(L"vendor_deauthorized:0x%08lx vendor_deauthorized_size:%lu\n",
 	       vendor_deauthorized, vendor_deauthorized_size);
-	init_openssl();
 
 	/*
 	 * if SHIM_DEBUG is set, wait for a debugger to attach.
@@ -1909,6 +1908,8 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 		goto die;
 	}
 
+	init_openssl();
+
 	/*
 	 * Before we do anything else, validate our non-volatile,
 	 * boot-services-only state variables are what we think they are.
author	Javier Martinez Canillas <javierm@redhat.com>	2021-02-18 01:12:49 +0100
committer	Peter Jones <pjones@redhat.com>	2021-02-19 14:28:10 -0500
commit	1919b566b05cf4fb582acf4f137764abeefd6b29 (patch)
tree	912ef37302bf58c361015ac35b7d5e6e7041455d
parent	4c9654fb68dcdb0a489982570e4613f9fad2fc92 (diff)
download	efi-boot-shim-1919b566b05cf4fb582acf4f137764abeefd6b29.tar.gz efi-boot-shim-1919b566b05cf4fb582acf4f137764abeefd6b29.zip