From 6fc35f2eaafab245d60827b8298f0023458dc468 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 30 Oct 2012 10:32:34 +0800
Subject: Initialize the size of vendor dbx as 0

The size of vendor dbx must be 0 if there is no vendor dbx provided
or the functions of db check will crash.
---
 dbx.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dbx.S b/dbx.S
index d19123c4..a26fc387 100644
--- a/dbx.S
+++ b/dbx.S
@@ -28,5 +28,5 @@ vendor_dbx:
 	.type	vendor_dbx_size, @object
 	.size	vendor_dbx_size, 4
 vendor_dbx_size:
-	.long	1
+	.long	0
 #endif
-- 
cgit v1.2.3


From 054dc6d29e2bfdb54830c70c5ca20c1344cbde83 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 30 Oct 2012 10:32:35 +0800
Subject: Check the vendor blacklist correctly

---
 shim.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/shim.c b/shim.c
index 0cd89b43..81e42314 100644
--- a/shim.c
+++ b/shim.c
@@ -341,14 +341,14 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
 
 	if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha256hash,
 				 SHA256_DIGEST_SIZE, EfiHashSha256Guid) ==
-				DATA_NOT_FOUND)
+				DATA_FOUND)
 		return EFI_ACCESS_DENIED;
 	if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha1hash,
 				 SHA1_DIGEST_SIZE, EfiHashSha1Guid) ==
-				DATA_NOT_FOUND)
+				DATA_FOUND)
 		return EFI_ACCESS_DENIED;
 	if (check_db_cert_in_ram(vendor_dbx, vendor_dbx_size, cert,
-				 sha256hash) == DATA_NOT_FOUND)
+				 sha256hash) == DATA_FOUND)
 		return EFI_ACCESS_DENIED;
 
 	if (check_db_hash(L"dbx", secure_var, sha256hash, SHA256_DIGEST_SIZE,
-- 
cgit v1.2.3