shim-unsigned-x64/0003-Let-MokManager-follow-a-MokTimeout-var-for-timeout-l.patch
Peter Jones 34668cd0d4 Pull in the RHEL CVE fixes.
Related: rhbz#1915194

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-08-06 13:10:11 -05:00

62 lines
1.8 KiB
Diff

From 74718677945b1ab825130b317c63f5002876e772 Mon Sep 17 00:00:00 2001
From: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date: Thu, 5 Jul 2018 11:28:12 -0400
Subject: [PATCH 03/62] Let MokManager follow a MokTimeout var for timeout
length for the prompt
This timeout can have the values [-1,0..0x7fff]; where -1 means "no timeout",
with MokManager going directly to the menu, and is capped to 0x7fff to avoid
unecessary long timeouts. The default remains 10, which will be used whenever
the MokTimeout variable isn't set.
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Upstream-commit-id: 93708c11083
---
MokManager.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/MokManager.c b/MokManager.c
index 7e40a38f1d1..0767e4a6cde 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -40,6 +40,10 @@ typedef struct {
CHAR16 Password[SB_PASSWORD_LEN];
} __attribute__ ((packed)) MokDBvar;
+typedef struct {
+ INT32 Timeout;
+} __attribute__ ((packed)) MokTimeoutvar;
+
static EFI_STATUS get_sha1sum(void *Data, int DataSize, UINT8 * hash)
{
EFI_STATUS efi_status;
@@ -2041,7 +2045,24 @@ static int draw_countdown()
UINTN cols, rows;
CHAR16 *title[2];
CHAR16 *message = L"Press any key to perform MOK management";
- int timeout = 10, wait = 10000000;
+ void *MokTimeout = NULL;
+ MokTimeoutvar *var;
+ UINTN MokTimeoutSize = 0;
+ int timeout, wait = 10000000;
+
+ efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout,
+ &MokTimeoutSize, SHIM_LOCK_GUID);
+ if (EFI_ERROR(efi_status)) {
+ timeout = 10;
+ } else {
+ var = MokTimeout;
+ timeout = (int)var->Timeout;
+ FreePool(MokTimeout);
+ LibDeleteVariable(L"MokTimeout", &SHIM_LOCK_GUID);
+ }
+
+ if (timeout < 0)
+ return timeout;
console_save_and_set_mode(&SavedMode);
--
2.26.2