Don't unhook ExitBootServices() when EBS protection is disabled - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Seth Forshee <seth.forshee@canonical.com>	2021-06-05 07:34:44 -0500
committer	Peter Jones <pjones@redhat.com>	2021-07-20 10:17:02 -0400
commit	4583db41ea58195956d4cdf97c43a195939f906b (patch)
tree	73ec290554bfe9086f408ef1a13c5dafbec72758 /lib/variables.c
parent	3f327f546c219634b24cfd9abe9ec987bbb6ad14 (diff)
download	efi-boot-shim-4583db41ea58195956d4cdf97c43a195939f906b.tar.gz efi-boot-shim-4583db41ea58195956d4cdf97c43a195939f906b.zip

Don't unhook ExitBootServices() when EBS protection is disabled

When EBS protection is disabled the code which hooks into EBS is complied out, but on unhook it's the code which restores Exit() that is disabled. This appears to be a mistake, and it can result in writing NULL to EBS in the boot services table. Fix this by moving the ifdefs to compile out the code to unhook EBS instead of the code to unhook Exit(). Also ifdef the definition of system_exit_boot_services to safeguard against its accidental use. Fixes: 4b0a61dc9a95 ("shim: compile time option to bypass the ExitBootServices() check") Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Diffstat (limited to 'lib/variables.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: