From f95ccd0a7f64c0a63b06fddd278a3e35aa96eba9 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 4 Oct 2013 15:29:29 -0400 Subject: Unhook system services as we exit. If we never find a valid thing to boot, we need to undo the weird things we've done. Signed-off-by: Peter Jones --- replacements.c | 2 +- replacements.h | 1 + shim.c | 14 ++++++++++---- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/replacements.c b/replacements.c index b05b2202..bac5e5d7 100644 --- a/replacements.c +++ b/replacements.c @@ -66,7 +66,7 @@ static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services; extern UINT8 insecure_mode; -static void +void unhook_system_services(void) { if (insecure_mode) diff --git a/replacements.h b/replacements.h index 806c0386..5b57bc25 100644 --- a/replacements.h +++ b/replacements.h @@ -39,5 +39,6 @@ extern verification_method_t verification_method; extern int loader_is_participating; extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); +extern void unhook_system_services(void); #endif /* SHIM_REPLACEMENTS_H */ diff --git a/shim.c b/shim.c index 502a91dd..c8759a58 100644 --- a/shim.c +++ b/shim.c @@ -1767,18 +1767,24 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) efi_status = init_grub(image_handle); +#if defined(OVERRIDE_SECURITY_POLICY) + /* + * Clean up the security protocol hook + */ + security_policy_uninstall(); +#endif + /* * If we're back here then clean everything up before exiting */ uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle, &shim_lock_guid, &shim_lock_interface); -#if defined(OVERRIDE_SECURITY_POLICY) + /* - * Clean up the security protocol hook + * Remove our hooks from system services. */ - security_policy_uninstall(); -#endif + unhook_system_services(); /* * Free the space allocated for the alternative 2nd stage loader -- cgit v1.2.3