From 1919b566b05cf4fb582acf4f137764abeefd6b29 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Thu, 18 Feb 2021 01:12:49 +0100 Subject: [PATCH] shim: initialize OpenSSL after parsing SBAT data A following patch will make shim to verify its .sbat section and it should be done before doing the OpenSSL initialization. But having the debugger attached may be useful at this point. Signed-off-by: Javier Martinez Canillas --- shim.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shim.c b/shim.c index a7ebaee..749b6ec 100644 --- a/shim.c +++ b/shim.c @@ -1887,7 +1887,6 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) vendor_authorized, vendor_authorized_size); dprint(L"vendor_deauthorized:0x%08lx vendor_deauthorized_size:%lu\n", vendor_deauthorized, vendor_deauthorized_size); - init_openssl(); /* * if SHIM_DEBUG is set, wait for a debugger to attach. @@ -1909,6 +1908,8 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) goto die; } + init_openssl(); + /* * Before we do anything else, validate our non-volatile, * boot-services-only state variables are what we think they are.