fix verify_mok()

() Fix the return value semantics. If the MokList doesn't exist, we are OK. If the MokList was compromised but we were able to erase it, that is OK too. Only if the list can't be nuked do we return an error. () Fix use of potentially uninitialized attribute variable () Actually use the return value when called from verify_buffer. Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2025-06-03 03:24:37 +00:00 · 2013-11-12 10:24:01 -05:00 · 2013-11-12 10:24:01 -05:00 · 42426e6eae
commit 42426e6eae
parent 6ae4e4f946
1 changed files with 5 additions and 4 deletions
--- a/shim.c
+++ b/shim.c
@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) {
 	status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize,
 				   shim_lock_guid, &attributes);

-	if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+	if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
 		Print(L"MokList is compromised!\nErase all keys in MokList!\n");
 		if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
 			Print(L"Failed to erase MokList\n");
+                        return EFI_ACCESS_DENIED;
 		}
-		status = EFI_ACCESS_DENIED;
-		return status;
 	}

 	if (MokListData)
@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	/*
 	 * Check that the MOK database hasn't been modified
 	 */
-	verify_mok();
+	status = verify_mok();
+	if (status != EFI_SUCCESS)
+		return status;

 	/*
 	 * Ensure that the binary isn't blacklisted