88d855728e
Resolves: rhbz#1484609 Get rid of the temporary extra efi packages hack. Signed-off-by: Peter Jones <pjones@redhat.com>
45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
From 0eff90e11b7ff7e0f9b9871d2e8bd9501297f881 Mon Sep 17 00:00:00 2001
|
|
From: Peter Jones <pjones@redhat.com>
|
|
Date: Mon, 9 May 2016 14:15:17 -0400
|
|
Subject: [PATCH 171/194] Add some grub_dprintf() in the secure boot verify
|
|
code.
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
---
|
|
grub-core/loader/efi/linux.c | 16 +++++++++++++---
|
|
1 file changed, 13 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
|
|
index 2a7024134..7fe7201a3 100644
|
|
--- a/grub-core/loader/efi/linux.c
|
|
+++ b/grub-core/loader/efi/linux.c
|
|
@@ -43,12 +43,22 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
|
|
shim_lock = grub_efi_locate_protocol(&guid, NULL);
|
|
grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
|
|
if (!shim_lock)
|
|
- return 0;
|
|
+ {
|
|
+ grub_dprintf ("secureboot", "shim not available\n");
|
|
+ return 0;
|
|
+ }
|
|
|
|
- status = shim_lock->verify(data, size);
|
|
+ grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n");
|
|
+ status = shim_lock->verify (data, size);
|
|
grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status);
|
|
if (status == GRUB_EFI_SUCCESS)
|
|
- return 1;
|
|
+ {
|
|
+ grub_dprintf ("secureboot", "Kernel signature verification passed\n");
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
+ grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n",
|
|
+ (unsigned long) status);
|
|
|
|
return -1;
|
|
}
|
|
--
|
|
2.13.5
|
|
|