diff options
| author | Renaud Métrich <rmetrich@redhat.com> | 2024-06-04 14:57:55 +0200 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2025-01-17 14:45:32 -0500 |
| commit | 7864c1048223e6f7a898a9f61ee3a639d1ff9b26 (patch) | |
| tree | 33eb40be1f1b3aa4f8f8b71202e781a9387da596 | |
| parent | 1508ece179267943bad5851010eba8c00570c0ed (diff) | |
| download | efi-boot-shim-7864c1048223e6f7a898a9f61ee3a639d1ff9b26.tar.gz efi-boot-shim-7864c1048223e6f7a898a9f61ee3a639d1ff9b26.zip | |
Provide better error message when MokManager is not found
If MokManager has to be entered but system is booting on disk on
EFI/BOOT/BOOTx.EFI entry, MokManager cannot be found because it's not in
that directory.
This indicates an issue with the BootOrder or the UEFI firmware is just
not taking BootOrder into account (seen on Lenovo ThinkPad P1 Gen 6 and
VMWare), or that the boot media has incorrectly been created without
MokManager.
This patch prints a related message and reboots after 10 seconds.
Reproducer:
1. Import a certificate using mokutil
2. Tell UEFI to boot on BOOTX64.EFI entry on next boot
Result without the patch with verbosity:
-----------------------------------------------------------------------
mok.c:1045:import_mok_state() checking mok request
shim.c:866:load_image() attempting to load \EFI\BOOT\mmx64.efi
Failed to open \EFI\BOOT\mmx64.efi - Not Found
Failed to load image \EFI\BOOT\mmx64.efi: Not Found
shim.c:888 load_image() Failed to open \EFI\BOOT\mmx64.efi - Not Found
shim.c:1115 read_image() Failed to load image \EFI\BOOT\mmx64.efi: Not Found
Failed to start MokManager: Not Found
mok.c:1047:import_mok_state() mok returned Not Found
Something has gone seriously wrong: import_mok_state() failed: Not Found
-----------------------------------------------------------------------
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
| -rw-r--r-- | mok.c | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -50,6 +50,32 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) efi_status = start_image(image_handle, MOK_MANAGER); if (EFI_ERROR(efi_status)) { + /* + * We don't do this in the unit tests because we + * don't have simulation for console_countdown() + * and similar. + */ +#ifndef SHIM_UNIT_TEST + EFI_STATUS efi_status_2; + EFI_LOADED_IMAGE *li; + efi_status_2 = BS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID, + (void **)&li); + if (EFI_ERROR(efi_status_2)) + perror (L"Failed to get image: %r\n", efi_status_2); + else if (is_removable_media_path(li) && + efi_status == EFI_NOT_FOUND) { + CHAR16 *title = L"Could not find MokManager"; + CHAR16 *message = L"MokManager is missing on removable media."; + /* + * This occurs when system is booting on + * hard disk's EFI/BOOT/BOOTxxx.EFI entry + * while it should have booted on + * EFI/<os>/shimxxx.efi entry + */ + console_countdown(title, message, 10); + RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL); + } +#endif perror(L"Failed to start MokManager: %r\n", efi_status); return efi_status; } |