From 076de43a0f871d9e6b6d48e013f01616e4fb1eea Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 11 Mar 2021 16:44:46 -0500
Subject: Make ENABLE_SHIM_DEVEL work better.

This fixes ENABLE_SHIM_DEVEL to actually work, and also makes our "goto
die" failure behavior change (to wait considerably longer) based on it.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 Makefile |  3 +++
 mok.c    |  4 ++++
 shim.c   | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+)

diff --git a/Makefile b/Makefile
index 9a93d740..e43d7c7c 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,9 @@ TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug
 ifneq ($(origin ENABLE_SHIM_HASH),undefined)
 TARGETS += $(SHIMHASHNAME)
 endif
+ifneq ($(origin ENABLE_SHIM_DEVEL),undefined)
+CFLAGS += -DENABLE_SHIM_DEVEL
+endif
 ifneq ($(origin ENABLE_SHIM_CERT),undefined)
 TARGETS	+= $(MMNAME).signed $(FBNAME).signed
 CFLAGS += -DENABLE_SHIM_CERT
diff --git a/mok.c b/mok.c
index be477c48..048d38d5 100644
--- a/mok.c
+++ b/mok.c
@@ -236,7 +236,11 @@ struct mok_state_variable mok_state_variables[] = {
 	  * we're enforcing that SBAT can't have an RT flag here because
 	  * there's no way to tell whether it's an authenticated variable.
 	  */
+#if !defined(ENABLE_SHIM_DEVEL)
 	 .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
+#else
+	 .no_attr = 0,
+#endif
 	 .flags = MOK_MIRROR_DELETE_FIRST |
 		  MOK_VARIABLE_MEASURE,
 	 .pcr = 7,
diff --git a/shim.c b/shim.c
index 56a4a3a2..9bc3d602 100644
--- a/shim.c
+++ b/shim.c
@@ -1846,6 +1846,35 @@ debug_hook(void)
 	x = 1;
 }
 
+typedef enum {
+	COLD_RESET,
+	EXIT_FAILURE,
+	EXIT_SUCCESS,	// keep this one last
+} devel_egress_action;
+
+void
+devel_egress(devel_egress_action action UNUSED)
+{
+#ifdef ENABLE_SHIM_DEVEL
+	char *reasons[] = {
+		[COLD_RESET] = "reset",
+		[EXIT_FAILURE] = "exit",
+	};
+	if (action == EXIT_SUCCESS)
+		return;
+
+	console_print(L"Waiting to %a...", reasons[action]);
+	for (size_t sleepcount = 0; sleepcount < 10; sleepcount++) {
+		console_print(L"%d...", 10 - sleepcount);
+		msleep(1000000);
+	}
+	console_print(L"\ndoing %a\n", action);
+
+	if (action == COLD_RESET)
+		gRT->ResetSystem(EfiResetCold, EFI_SECURITY_VIOLATION, 0, NULL);
+#endif
+}
+
 EFI_STATUS
 efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 {
@@ -1961,9 +1990,13 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 die:
 		console_print(L"Something has gone seriously wrong: %s: %r\n",
 			      msgs[msg], efi_status);
+#if defined(ENABLE_SHIM_DEVEL)
+		devel_egress(COLD_RESET);
+#else
 		msleep(5000000);
 		gRT->ResetSystem(EfiResetShutdown, EFI_SECURITY_VIOLATION,
 				 0, NULL);
+#endif
 	}
 
 	efi_status = shim_init();
@@ -1986,5 +2019,6 @@ die:
 	efi_status = init_grub(image_handle);
 
 	shim_fini();
+	devel_egress(EFI_ERROR(efi_status) ? EXIT_FAILURE : EXIT_SUCCESS);
 	return efi_status;
 }
-- 
cgit v1.2.3