shim-unsigned-x64/SOURCES/0020-Make-sure-that-MOK-variables-always-get-mirrored.patch

62 lines
1.9 KiB
Diff
Raw Normal View History

2020-07-29 17:16:37 +00:00
From ac0400b20264ef67b67891d2216edd3fe20e5571 Mon Sep 17 00:00:00 2001
2019-05-07 03:59:23 +00:00
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Mon, 5 Nov 2018 14:51:16 +0100
2020-07-29 17:16:37 +00:00
Subject: [PATCH 20/62] Make sure that MOK variables always get mirrored
2019-05-07 03:59:23 +00:00
Without this, if a Mok variable doesn't exist in Boot Services, it will also
not be copied to Runtime, even if we have data to be added to it (vendor cert).
This patch makes sure that if we have extra data to append, we still mirror
the variable.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-29 17:16:37 +00:00
Upstream-commit-id: 9ab0d796bdc
2019-05-07 03:59:23 +00:00
---
mok.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/mok.c b/mok.c
index 38675211e0e..00dd1ad3034 100644
--- a/mok.c
+++ b/mok.c
@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
UINT32 attrs = 0;
BOOLEAN delete = FALSE, present, addend;
+ addend = (v->addend_source && v->addend_size &&
+ *v->addend_source && *v->addend_size)
+ ? TRUE : FALSE;
+
efi_status = get_variable_attr(v->name,
&v->data, &v->data_size,
*v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND)
+ if (efi_status == EFI_NOT_FOUND) {
+ if (v->rtname && addend) {
+ efi_status = mirror_one_mok_variable(v);
+ if (EFI_ERROR(efi_status) &&
+ ret != EFI_SECURITY_VIOLATION)
+ ret = efi_status;
+ }
+ /*
+ * after possibly adding, we can continue, no
+ * further checks to be done.
+ */
continue;
+ }
if (EFI_ERROR(efi_status)) {
perror(L"Could not verify %s: %r\n", v->name,
efi_status);
@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
present = (v->data && v->data_size) ? TRUE : FALSE;
- addend = (v->addend_source && v->addend_size &&
- *v->addend_source && *v->addend_size)
- ? TRUE : FALSE;
if (v->flags & MOK_VARIABLE_MEASURE && present) {
/*
--
2020-07-29 17:16:37 +00:00
2.26.2
2019-05-07 03:59:23 +00:00