| author | Peter Jones <pjones@redhat.com> | 2021-03-10 15:48:28 -0500 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2021-03-11 09:49:02 -0500 |
| commit | e02bb35a160d3b0fec07adbfb2f730031173e180 (patch) | |
| tree | 452d49487fd658c1540bb3a147aa6b8f85ff4f0b | |
| parent | dcf9a122ec68016a5d4e9da4972b9261cd7f6686 (diff) | |
shim: simplify sbat self-check logic.
There's no reason to do the work to set an initial SBAT variable twice,
or to do it /after/ the self check.
This changes it to do it once, before the self check, and then only
raise an error if we're in secure mode.
Signed-off-by: Peter Jones <pjones@redhat.com>
| -rw-r--r-- | shim.c | 37 |
1 files changed, 15 insertions, 22 deletions
@@ -1908,6 +1908,16 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 */
 debug_hook();
 
+ efi_status = set_sbat_uefi_variable();
+ if (EFI_ERROR(efi_status) && secure_mode()) {
+ perror(L"SBAT variable initialization failed\n");
+ msg = SET_SBAT;
+ goto die;
+ } else if (EFI_ERROR(efi_status)) {
+ dprint(L"SBAT variable initialization failed: %r\n",
+ efi_status);
+ }
+
 if (secure_mode()) {
 char *sbat_start = (char *)&_sbat;
 char *sbat_end = (char *)&_esbat;
@@ -1915,38 +1925,21 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 INIT_LIST_HEAD(&sbat_var);
 efi_status = parse_sbat_var(&sbat_var);
 if (EFI_ERROR(efi_status)) {
- efi_status = set_sbat_uefi_variable();
- if (efi_status == EFI_INVALID_PARAMETER) {
- perror(L"SBAT variable initialization failed\n");
- msg = SET_SBAT;
- goto die;
- }
- efi_status = parse_sbat_var(&sbat_var);
- if (EFI_ERROR(efi_status)) {
- perror(L"Parsing SBAT variable failed: %r\n",
- efi_status);
- msg = IMPORT_SBAT;
- goto die;
- }
+ perror(L"Parsing SBAT variable failed: %r\n",
+ efi_status);
+ msg = IMPORT_SBAT;
+ goto die;
 }
 
 efi_status = handle_sbat(sbat_start, sbat_end - sbat_start);
 if (EFI_ERROR(efi_status)) {
 perror(L"Verifiying shim SBAT data failed: %r\n",
 efi_status);
- msg = SBAT_SELF_CHECK;;
+ msg = SBAT_SELF_CHECK;
 goto die;
 }
 }
 
- efi_status = set_sbat_uefi_variable();
- if (efi_status == EFI_INVALID_PARAMETER) {
- perror(L"SBAT variable initialization failed\n");
- msg = SET_SBAT;
- if (secure_mode())
- goto die;
- }
-
 init_openssl();
 
 /* |
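Review bot: The fatal branch added in the first hunk, `perror(L"SBAT variable initialization failed\n");`, prints no status code, although the commit widens the fatal condition in secure mode from `EFI_INVALID_PARAMETER` to any `EFI_ERROR`, so the message can no longer tell an operator which failure halted the boot. I would report it the way the non-fatal branch already does: `perror(L"SBAT variable initialization failed: %r\n", efi_status);`. The non-secure branch reports only through `dprint`, which presumably is visible only with debug output enabled, so firmware that cannot store the SBAT variable may go unnoticed there; a `perror`, or a short comment saying why a quiet failure is acceptable outside secure mode, would help. `efi_main` starts and ends outside the hunk and `set_sbat_uefi_variable()` is not shown, so the set of errors it can return cannot be checked from here.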
