Explain the logic in secure_mode() better.

I was getting confused reading it, and I wrote it, so clearly it needs more commentry. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2014-06-25 10:46:52 -0400
committer: Peter Jones <pjones@redhat.com> 2014-06-25 10:46:52 -0400
commit: 3b414422277f5a47c5fdd2d260eff8329d280ce8 (patch)
tree: 95d833420e0035c051ff1d7ba7215649f6c9535f /shim.c
parent: fe8527aaa6305ae5992a70491e6b1c06432aaa3a (diff)
download: efi-boot-shim-3b414422277f5a47c5fdd2d260eff8329d280ce8.tar.gz
efi-boot-shim-3b414422277f5a47c5fdd2d260eff8329d280ce8.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/shim.c b/shim.c
index 72d6072c..210e778a 100644
--- a/shim.c
+++ b/shim.c
@@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void)
 		return FALSE;
 	}
 
+	/* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
+	 * then the implementation is bad, but we assume that secure boot is
+	 * enabled according to the status of "SecureBoot".  If we have both
+	 * of them, then "SetupMode" may tell us additional data, and we need
+	 * to consider it.
+	 */
 	status = get_variable(L"SetupMode", &Data, &len, global_var);
 	if (status != EFI_SUCCESS)
 		return TRUE;
author	Peter Jones <pjones@redhat.com>	2014-06-25 10:46:52 -0400
committer	Peter Jones <pjones@redhat.com>	2014-06-25 10:46:52 -0400
commit	3b414422277f5a47c5fdd2d260eff8329d280ce8 (patch)
tree	95d833420e0035c051ff1d7ba7215649f6c9535f /shim.c
parent	fe8527aaa6305ae5992a70491e6b1c06432aaa3a (diff)
download	efi-boot-shim-3b414422277f5a47c5fdd2d260eff8329d280ce8.tar.gz efi-boot-shim-3b414422277f5a47c5fdd2d260eff8329d280ce8.zip