Diffstat (limited to 'shim.c')
-rw-r--r--shim.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/shim.c b/shim.c
index 23dd0eeb..dcb36d0d 100644
--- a/shim.c
+++ b/shim.c
@@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) {
status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize,
shim_lock_guid, &attributes);
- if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+ if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
Print(L"MokList is compromised!\nErase all keys in MokList!\n");
if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
Print(L"Failed to erase MokList\n");
+ return EFI_ACCESS_DENIED;
}
- status = EFI_ACCESS_DENIED;
- return status;
}
if (MokListData)
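Review bot: A MokList read that fails for any reason is now treated the same as a clean MokList, because the new `!EFI_ERROR(status) &&` guard skips the attribute check and the visible code never inspects `status` again. An absent variable is a normal case, but other failures leave the tamper check undecided. Since verify_buffer now acts on this function's return value, it would be safer to fail closed on them, e.g. `if (EFI_ERROR(status) && status != EFI_NOT_FOUND) return status;` right after the get_variable_attr call (assuming get_variable_attr passes EFI_NOT_FOUND through for a missing variable). Separately, when the erase succeeds the function now continues with MokListData still holding what was read from the runtime-accessible variable; a comment such as `/* tampered list erased; MokListData must not be trusted below */` would record that. The tail of verify_mok is outside the hunk, so how MokListData and the final return value are handled there should be confirmed.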
@@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
/*
* Check that the MOK database hasn't been modified
*/
- verify_mok();
+ status = verify_mok();
+ if (status != EFI_SUCCESS)
+ return status;
/*
* Ensure that the binary isn't blacklisted
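Review bot: The comment above the verify_mok() call still describes only the check, while the new early return makes any non-success result abort image verification. In the verify_mok hunk the only visible non-success return is the failed-erase path, so the comment could read `Check that the MOK database hasn't been modified; refuse to verify if a tampered MokList could not be erased`. verify_buffer starts and continues outside the hunk, so any other non-success returns from verify_mok should be reflected in the wording as well.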