Fall back to MokManager if grub failed to validate

If we can't verify grub, fall back to MokManager. This permits shipping a copy of shim and MokManager without distributing a key, letting distributions provide their own for user installation.
author: Matthew Garrett <mjg@redhat.com> 2012-10-06 17:20:30 -0400
committer: Matthew Garrett <mjg@redhat.com> 2012-10-06 17:20:30 -0400
commit: 8cf182af8b89e7b7032586d2d85bce761d0f3309 (patch)
tree: db1f8f59ac6c7ebd16004e2c38e8680017e32698
parent: d991c4a17890253e709a5881d1afaea99afeab04 (diff)
download: efi-boot-shim-8cf182af8b89e7b7032586d2d85bce761d0f3309.tar.gz
efi-boot-shim-8cf182af8b89e7b7032586d2d85bce761d0f3309.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/shim.c b/shim.c
index 479007b2..5e718bb0 100644
--- a/shim.c
+++ b/shim.c
@@ -1019,8 +1019,10 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle)
 	efi_status = start_image(image_handle, SECOND_STAGE);
 
 	if (efi_status != EFI_SUCCESS) {
-		Print(L"Failed to start grub\n");
-		goto done;
+		if (efi_status == EFI_ACCESS_DENIED)
+			efi_status = start_image(image_handle, MOK_MANAGER);
+		else
+			Print(L"Failed to start grub\n");
 	}
 done:
author	Matthew Garrett <mjg@redhat.com>	2012-10-06 17:20:30 -0400
committer	Matthew Garrett <mjg@redhat.com>	2012-10-06 17:20:30 -0400
commit	8cf182af8b89e7b7032586d2d85bce761d0f3309 (patch)
tree	db1f8f59ac6c7ebd16004e2c38e8680017e32698
parent	d991c4a17890253e709a5881d1afaea99afeab04 (diff)
download	efi-boot-shim-8cf182af8b89e7b7032586d2d85bce761d0f3309.tar.gz efi-boot-shim-8cf182af8b89e7b7032586d2d85bce761d0f3309.zip