Conditionalize overriding the security policy.

Make OVERRIDE_SECURITY_POLICY a build option. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2013-10-01 13:55:27 -0400
committer: Peter Jones <pjones@redhat.com> 2013-10-01 14:03:16 -0400
commit: f330528786fb02f1771c76818ffc8f1793f5d2f7 (patch)
tree: 048d338958abf211b5e4148f77b8630f9cadea4e /shim.c
parent: 4537217422a4e1bf145e135d89284cf7887ad826 (diff)
download: efi-boot-shim-f330528786fb02f1771c76818ffc8f1793f5d2f7.tar.gz
efi-boot-shim-f330528786fb02f1771c76818ffc8f1793f5d2f7.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/shim.c b/shim.c
index 3c55a5a4..b7256291 100644
--- a/shim.c
+++ b/shim.c
@@ -1629,10 +1629,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 			  &shim_lock_guid, EFI_NATIVE_INTERFACE,
 			  &shim_lock_interface);
 
+#if defined(OVERRIDE_SECURITY_POLICY)
 	/*
 	 * Install the security protocol hook
 	 */
 	security_policy_install(shim_verify);
+#endif
 
 	/*
 	 * Enter MokManager if necessary
@@ -1657,10 +1659,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle,
 			  &shim_lock_guid, &shim_lock_interface);
 
+#if defined(OVERRIDE_SECURITY_POLICY)
 	/*
 	 * Clean up the security protocol hook
 	 */
 	security_policy_uninstall();
+#endif
 
 	/*
 	 * Free the space allocated for the alternative 2nd stage loader
author	Peter Jones <pjones@redhat.com>	2013-10-01 13:55:27 -0400
committer	Peter Jones <pjones@redhat.com>	2013-10-01 14:03:16 -0400
commit	f330528786fb02f1771c76818ffc8f1793f5d2f7 (patch)
tree	048d338958abf211b5e4148f77b8630f9cadea4e /shim.c
parent	4537217422a4e1bf145e135d89284cf7887ad826 (diff)
download	efi-boot-shim-f330528786fb02f1771c76818ffc8f1793f5d2f7.tar.gz efi-boot-shim-f330528786fb02f1771c76818ffc8f1793f5d2f7.zip