From 0948ac09716fefd15c683ca7d6cd38fd92c9e794 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 6 Nov 2013 13:59:02 -0500
Subject: [PATCH] Fix check logic for SetupMode variable.

After going back and inspecting this further, the logic for "SetupMode"
being present at all was incorrect.  Also initialize our state earlier
so it's sure to always be set.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 shim.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/shim.c b/shim.c
index 0081342..23dd0ee 100644
--- a/shim.c
+++ b/shim.c
@@ -471,11 +471,9 @@ static BOOLEAN secure_mode (void)
 	}
 
 	status = get_variable(L"SetupMode", &Data, &len, global_var);
-	if (status == EFI_SUCCESS) {
-		if (verbose)
-			console_notify(L"Platform is in setup mode\n");
-		return FALSE;
-	}
+	if (status != EFI_SUCCESS)
+		return TRUE;
+
 	setupmode = *Data;
 	FreePool(Data);
 
@@ -1509,14 +1507,15 @@ static EFI_STATUS check_mok_sb (void)
 	UINTN MokSBStateSize = 0;
 	UINT32 attributes;
 
+	insecure_mode = 0;
+	ignore_db = 0;
+
 	status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize,
 				   shim_lock_guid, &attributes);
 
 	if (status != EFI_SUCCESS)
 		return EFI_ACCESS_DENIED;
 
-	insecure_mode = 0;
-
 	/*
 	 * Delete and ignore the variable if it's been set from or could be
 	 * modified by the OS