From 32b08c73d89699397b8248968f7d6fffbc5fa355 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Sat, 6 Oct 2012 17:20:30 -0400 Subject: [PATCH] Fall back to MokManager if grub failed to validate If we can't verify grub, fall back to MokManager. This permits shipping a copy of shim and MokManager without distributing a key, letting distributions provide their own for user installation. --- shim.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/shim.c b/shim.c index 479007b..5e718bb 100644 --- a/shim.c +++ b/shim.c @@ -1019,8 +1019,10 @@ EFI_STATUS init_grub(EFI_HANDLE image_handle) efi_status = start_image(image_handle, SECOND_STAGE); if (efi_status != EFI_SUCCESS) { - Print(L"Failed to start grub\n"); - goto done; + if (efi_status == EFI_ACCESS_DENIED) + efi_status = start_image(image_handle, MOK_MANAGER); + else + Print(L"Failed to start grub\n"); } done: