Fix handling of ignore_db and user_insecure_mode - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Adam Williamson <awilliam@redhat.com>	2021-04-08 22:39:02 -0700
committer	Peter Jones <pjones@redhat.com>	2021-04-09 13:58:25 -0400
commit	822d07ad4f07ef66fe447a130e1027c88d02a394 (patch)
tree	859ccc61f4f998fe1e801aa3764ec5905f881a7a /lib/variables.c
parent	20e4d9486fcae54ee44d2323ae342ffe68c920e6 (diff)
download	efi-boot-shim-822d07ad4f07ef66fe447a130e1027c88d02a394.tar.gz efi-boot-shim-822d07ad4f07ef66fe447a130e1027c88d02a394.zip

Fix handling of ignore_db and user_insecure_mode

In 65be350308783a8ef537246c8ad0545b4e6ad069, import_mok_state() is split up into a function that manages the whole mok state, and one that handles the state machine for an individual state variable. Unfortunately, the code that initializes the global ignore_db and user_insecure_mode was copied from import_mok_state() into the new import_one_mok_state() function, and thus re-initializes that state each time it processes a MoK state variable, before even assessing if that variable is set. As a result, we never honor either flag, and the machine owner cannot disable trusting the system firmware's db/dbx databases or disable validation altogether. This patch removes the extra re-initialization, allowing those variables to be set properly. Signed-off-by: Adam Williamson <awilliam@redhat.com>

Diffstat (limited to 'lib/variables.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: