From 832e5161b5bf9bba3e46ee203d5a131fc8b087c8 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Wed, 24 Oct 2012 00:10:29 -0400
Subject: [PATCH] Boot unsigned binaries if we're not in secure mode

read_header would fail if the binary was unsigned, even if we weren't then
going to verify the signature. Move that check to the verify function
instead.
---
 shim.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/shim.c b/shim.c
index 447cf87..2ba7e5a 100644
--- a/shim.c
+++ b/shim.c
@@ -625,6 +625,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	WIN_CERTIFICATE_EFI_PKCS *cert;
 	unsigned int size = datasize;
 
+	if (context->SecDir->Size == 0) {
+		Print(L"Empty security header\n");
+		return EFI_INVALID_PARAMETER;
+	}
+
 	cert = ImageAddress (data, size, context->SecDir->VirtualAddress);
 
 	if (!cert) {
@@ -737,11 +742,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
 		return EFI_INVALID_PARAMETER;
 	}
 
-	if (context->SecDir->Size == 0) {
-		Print(L"Empty security header\n");
-		return EFI_INVALID_PARAMETER;
-	}
-
 	return EFI_SUCCESS;
 }