diff options
| -rw-r--r-- | replacements.c | 2 | ||||
| -rw-r--r-- | replacements.h | 1 | ||||
| -rw-r--r-- | shim.c | 14 |
3 files changed, 12 insertions, 5 deletions
diff --git a/replacements.c b/replacements.c index b05b2202..bac5e5d7 100644 --- a/replacements.c +++ b/replacements.c @@ -66,7 +66,7 @@ static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; extern UINT8 insecure_mode; -static void +void unhook_system_services(void) { if (insecure_mode) diff --git a/replacements.h b/replacements.h index 806c0386..5b57bc25 100644 --- a/replacements.h +++ b/replacements.h @@ -39,5 +39,6 @@ extern verification_method_t verification_method; extern int loader_is_participating; extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); +extern void unhook_system_services(void); #endif /* SHIM_REPLACEMENTS_H */ @@ -1767,18 +1767,24 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) efi_status = init_grub(image_handle); +#if defined(OVERRIDE_SECURITY_POLICY) + /* + * Clean up the security protocol hook + */ + security_policy_uninstall(); +#endif + /* * If we're back here then clean everything up before exiting */ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, &shim_lock_guid, &shim_lock_interface); -#if defined(OVERRIDE_SECURITY_POLICY) + /* - * Clean up the security protocol hook + * Remove our hooks from system services. */ - security_policy_uninstall(); -#endif + unhook_system_services(); /* * Free the space allocated for the alternative 2nd stage loader |