authorJan Setje-Eilers <jan.setjeeilers@oracle.com>2021-02-25 14:30:43 -0800
committerPeter Jones <pjones@redhat.com>2021-03-11 09:49:02 -0500
commitcf5efd5a982e597c9e767de1cf51f2ef1512c02e (patch)
treed2393aa40640ff88b33d9a72afa413ac5b136f2b /shim.c
parent018b74d2d69ef35b43b79709f2ea60325f12dde2 (diff)
If the SBAT UEFI variable is not set, initialize it as a bootservices variable.
Diffstat (limited to 'shim.c')
-rw-r--r--shim.c48
1 files changed, 31 insertions, 17 deletions
diff --git a/shim.c b/shim.c
index 5975feb8..ad01a07f 100644
--- a/shim.c
+++ b/shim.c
@@ -1763,7 +1763,8 @@ shim_init(void)
void
shim_fini(void)
{
- cleanup_sbat_var(&sbat_var);
+ if (secure_mode())
+ cleanup_sbat_var(&sbat_var);
/*
* Remove our protocols
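Review bot: The new `if (secure_mode())` guard in shim_fini is only correct while secure_mode() returns the same answer here as it did in efi_main, where this commit moves `INIT_LIST_HEAD(&sbat_var)` inside the secure-mode branch. Keeping `INIT_LIST_HEAD(&sbat_var);` unconditional in efi_main and calling `cleanup_sbat_var(&sbat_var);` unconditionally here would remove that coupling, assuming cleanup_sbat_var is harmless on an empty list (its body is not visible). If the guard stays, a comment such as `/* sbat_var is only initialized in secure mode, see efi_main() */` would document the dependency. shim_fini's body continues outside the hunk.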
@@ -1869,6 +1870,7 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
L"shim_init() failed",
L"import of SBAT data failed",
L"SBAT self-check failed",
+ L"SBAT UEFI variable setting failed",
NULL
};
enum {
@@ -1876,6 +1878,7 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
SHIM_INIT,
IMPORT_SBAT,
SBAT_SELF_CHECK,
+ SET_SBAT,
} msg = IMPORT_MOK_STATE;
/*
@@ -1905,25 +1908,28 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
*/
debug_hook();
- INIT_LIST_HEAD(&sbat_var);
- efi_status = parse_sbat_var(&sbat_var);
- /*
- * Until a SBAT variable is installed into the systems, it is expected that
- * attempting to parse the variable will fail with an EFI_NOT_FOUND error.
- *
- * Do not consider that error fatal for now.
- */
- if (EFI_ERROR(efi_status) && efi_status != EFI_NOT_FOUND) {
- perror(L"Parsing SBAT variable failed: %r\n",
- efi_status);
- msg = IMPORT_SBAT;
- goto die;
- }
-
- if (secure_mode ()) {
+ if (secure_mode()) {
char *sbat_start = (char *)&_sbat;
char *sbat_end = (char *)&_esbat;
+ INIT_LIST_HEAD(&sbat_var);
+ efi_status = parse_sbat_var(&sbat_var);
+ if (EFI_ERROR(efi_status)) {
+ efi_status = set_sbat_uefi_variable();
+ if (efi_status == EFI_INVALID_PARAMETER) {
+ perror(L"SBAT variable initialization failed\n");
+ msg = SET_SBAT;
+ goto die;
+ }
+ efi_status = parse_sbat_var(&sbat_var);
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Parsing SBAT variable failed: %r\n",
+ efi_status);
+ msg = IMPORT_SBAT;
+ goto die;
+ }
+ }
+
efi_status = handle_sbat(sbat_start, sbat_end - sbat_start);
if (EFI_ERROR(efi_status)) {
perror(L"Verifiying shim SBAT data failed: %r\n",
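Review bot: In the new secure-mode block, `if (EFI_ERROR(efi_status))` after the first parse_sbat_var() sends every parse failure into set_sbat_uefi_variable(), not only a missing variable; the removed code singled out EFI_NOT_FOUND. If set_sbat_uefi_variable() can overwrite an existing variable (its body is not visible here), a present but unparseable SBAT revocation list would be replaced with shim's default instead of being refused, so the branch is safer as `if (efi_status == EFI_NOT_FOUND)` with every other error going straight to `die`. The result check `efi_status == EFI_INVALID_PARAMETER` also lets all other failure codes through; on this path the second parse catches them, but reports them as a parse failure. `if (EFI_ERROR(efi_status))` with `perror(L"SBAT variable initialization failed: %r\n", efi_status);` would report the real cause, and the last hunk has the same narrow check. efi_main starts and ends outside the hunk.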
@@ -1933,6 +1939,14 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
}
}
+ efi_status = set_sbat_uefi_variable();
+ if (efi_status == EFI_INVALID_PARAMETER) {
+ perror(L"SBAT variable initialization failed\n");
+ msg = SET_SBAT;
+ if (secure_mode())
+ goto die;
+ }
+
init_openssl();
/*
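Review bot: The unconditional `set_sbat_uefi_variable()` call added before init_openssl() runs a second time on the secure-mode path that has just created the variable, and nothing in the hunk explains why. A short comment above it stating the purpose of the repeated call and the failure policy, for example `/* Outside secure mode a failure to set SBAT is logged but does not stop boot. */`, would make the intent reviewable. Because only EFI_INVALID_PARAMETER is tested, any other error returned here is dropped silently even in secure mode, and unlike the earlier block no re-parse follows to catch it.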