| author | Peter Jones <pjones@redhat.com> | 2017-08-01 11:19:33 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2017-08-03 11:00:58 -0400 |
| commit | bdc5d3ec9ca5e0f270dc583c86ef8916ee70ac39 (patch) | |
| tree | bc029dbde34dcce04b760874a11bc386eb938cc6 | |
| parent | 22f2737535ca09faf48762df89b61e81b8d4a2f8 (diff) | |
Always measure all of MokSBState, MokList, and MokListX
Even if errors occurred, always try to measure all of our Mok entries.
This way we won't fail on e.g. MokList not being set.
Signed-off-by: Peter Jones <pjones@redhat.com>
| -rw-r--r-- | shim.c | 56 |
1 files changed, 37 insertions, 19 deletions
@@ -1921,37 +1921,55 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle)
 EFI_STATUS measure_mok()
 {
 EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
- EFI_STATUS efi_status;
+ EFI_STATUS efi_status, ret = EFI_SUCCESS;
 UINT8 *Data = NULL;
 UINTN DataSize = 0;
 efi_status = get_variable(L"MokList", &Data, &DataSize, shim_lock_guid);
- if (efi_status != EFI_SUCCESS)
- return efi_status;
+ if (!EFI_ERROR(efi_status)) {
+ efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data,
+ DataSize, 14, (CHAR8 *)"MokList");
+ FreePool(Data);
- efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data,
- DataSize, 14, (CHAR8 *)"MokList");
+ if (EFI_ERROR(efi_status))
+ ret = efi_status;
- FreePool(Data);
+ } else {
+ ret = efi_status;
+ }
- if (efi_status != EFI_SUCCESS)
- return efi_status;
+ efi_status = get_variable(L"MokListX", &Data, &DataSize, shim_lock_guid);
+ if (!EFI_ERROR(efi_status)) {
+ efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data,
+ DataSize, 14, (CHAR8 *)"MokListX");
+ FreePool(Data);
+
+ if (EFI_ERROR(efi_status) && !EFI_ERROR(ret))
+ ret = efi_status;
+
+ } else if (!EFI_ERROR(ret)) {
+ ret = efi_status;
+ }
 efi_status = get_variable(L"MokSBState", &Data, &DataSize, shim_lock_guid);
+ if (!EFI_ERROR(efi_status)) {
+ efi_status = tpm_measure_variable(L"MokSBState",
+ shim_lock_guid,
+ DataSize, Data);
+ if (!EFI_ERROR(efi_status)) {
+ efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)
+ (UINTN)Data, DataSize, 14,
+ (CHAR8 *)"MokSBState");
+ }
- if (efi_status != EFI_SUCCESS)
- return efi_status;
-
- efi_status = tpm_measure_variable(L"MokSBState", shim_lock_guid,
- DataSize, Data);
- if (efi_status != EFI_SUCCESS)
- goto out;
+ FreePool(Data);
- efi_status = tpm_log_event((EFI_PHYSICAL_ADDRESS)(UINTN)Data,
- DataSize, 14, (CHAR8 *)"MokSBState");
-out:
- FreePool(Data);
+ if (EFI_ERROR(efi_status) && !EFI_ERROR(ret))
+ ret = efi_status;
+ } else if (!EFI_ERROR(ret)) {
+ ret = efi_status;
+ }
 return efi_status;
 } |
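Review bot: The unchanged last statement of `measure_mok()` is still `return efi_status;`, so the new `ret` accumulator is written in every branch but never read. The caller therefore sees only the status of the MokSBState step, and a failed `tpm_log_event` for MokList or MokListX is reported as success whenever MokSBState is measured; on a measured-boot path that hides a missing Mok measurement, so the line should be `return ret;`. Separately, each `else` branch copies the `get_variable` error into `ret`, so once `ret` is returned an unset MokList would still yield a failure, which seems at odds with the commit message. If absence is meant to be tolerated, skip `EFI_NOT_FOUND` there and document that choice in a comment above the function.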
