2 files changed, 20 insertions, 8 deletions

diff --git a/include/sbat.h b/include/sbat.h
index c3e96179..69f4e78a 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -21,9 +21,6 @@ extern list_t sbat_var;
 #define SBAT_VAR_COLUMNS ((sizeof (struct sbat_var_entry) - sizeof(list_t)) / sizeof(CHAR8 *))
 #define SBAT_VAR_REQUIRED_COLUMNS (SBAT_VAR_COLUMNS - 1)
 
-#ifdef SHIM_UNIT_TEST
-EFI_STATUS parse_sbat_var_data(list_t *entries, UINT8 *data, UINTN datasize);
-#endif
 EFI_STATUS parse_sbat_var(list_t *entries);
 void cleanup_sbat_var(list_t *entries);
 
@@ -44,5 +41,10 @@ void cleanup_sbat_section_entries(size_t n, struct sbat_section_entry **entries)
 
 EFI_STATUS verify_sbat(size_t n, struct sbat_section_entry **entries);
 
+#ifdef SHIM_UNIT_TEST
+EFI_STATUS parse_sbat_var_data(list_t *entries, UINT8 *data, UINTN datasize);
+EFI_STATUS verify_sbat_helper(list_t *sbat_var, size_t n,
+                              struct sbat_section_entry **entries);
+#endif /* !SHIM_UNIT_TEST */
 #endif /* !SBAT_H_ */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/sbat.c b/sbat.c
index 0353e790..21b21bff 100644
--- a/sbat.c
+++ b/sbat.c
@@ -150,28 +150,38 @@ cleanup_sbat_var(list_t *entries)
 }
 
 EFI_STATUS
-verify_sbat(size_t n, struct sbat_section_entry **entries)
+verify_sbat_helper(list_t *local_sbat_var, size_t n, struct sbat_section_entry **entries)
 {
 	unsigned int i;
 	list_t *pos = NULL;
 	EFI_STATUS efi_status = EFI_SUCCESS;
 	struct sbat_var_entry *sbat_var_entry;
 
-	if (list_empty(&sbat_var)) {
+	if (list_empty(local_sbat_var)) {
 		dprint(L"SBAT variable not present\n");
 		return EFI_SUCCESS;
 	}
 
 	for (i = 0; i < n; i++) {
-		list_for_each(pos, &sbat_var) {
+		list_for_each(pos, local_sbat_var) {
 			sbat_var_entry = list_entry(pos, struct sbat_var_entry, list);
 			efi_status = verify_single_entry(entries[i], sbat_var_entry);
 			if (EFI_ERROR(efi_status))
-				return efi_status;
+				goto out;
 		}
 	}
 
-	dprint(L"all entries from SBAT section verified\n");
+out:
+	dprint(L"finished verifying SBAT data: %r\n", efi_status);
+	return efi_status;
+}
+
+EFI_STATUS
+verify_sbat(size_t n, struct sbat_section_entry **entries)
+{
+	EFI_STATUS efi_status;
+
+	efi_status = verify_sbat_helper(&sbat_var, n, entries);
 	return efi_status;
 }