From 0b394a94805fb5647bb68a9e1afd5e347eadc0a3 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 4 Jun 2015 10:19:30 -0400 Subject: [PATCH] Only run MokManager if asked or a security violation occurs. Don't run MokManager on any random error from start_image(second_stage); only try it if it /is/ the second stage, or if start_image gave us EFI_SECURITY_VIOLATION. Signed-off-by: Peter Jones --- shim.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/shim.c b/shim.c index 5712d48..d66c549 100644 --- a/shim.c +++ b/shim.c @@ -1673,14 +1673,21 @@ done: EFI_STATUS init_grub(EFI_HANDLE image_handle) { EFI_STATUS efi_status; + int use_fb = should_use_fallback(image_handle); - if (should_use_fallback(image_handle)) - efi_status = start_image(image_handle, FALLBACK); - else - efi_status = start_image(image_handle, second_stage); + efi_status = start_image(image_handle, use_fb ? FALLBACK :second_stage); - if (efi_status != EFI_SUCCESS) + if (efi_status == EFI_SECURITY_VIOLATION) { efi_status = start_image(image_handle, MOK_MANAGER); + if (efi_status != EFI_SUCCESS) { + Print(L"start_image() returned %r\n", efi_status); + uefi_call_wrapper(BS->Stall, 1, 2000000); + return efi_status; + } + + efi_status = start_image(image_handle, + use_fb ? FALLBACK : second_stage); + } Print(L"start_image() returned %r\n", efi_status); uefi_call_wrapper(BS->Stall, 1, 2000000);