|
 |
e97c83 |
From f14119502ee3301e1ae80b5ab7fbe1ba46580e23 Mon Sep 17 00:00:00 2001
|
|
|
e97c83 |
From: Peter Jones <pjones@redhat.com>
|
|
|
e97c83 |
Date: Wed, 1 Oct 2014 22:47:20 -0400
|
|
|
e97c83 |
Subject: [PATCH 65/74] Don't append an empty cert list to MokListRT if
|
|
|
e97c83 |
vendor_cert_size is 0.
|
|
|
e97c83 |
|
|
|
e97c83 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
e97c83 |
---
|
|
|
e97c83 |
shim.c | 63 ++++++++++++++++++++++++++++++++++-----------------------------
|
|
|
e97c83 |
1 file changed, 34 insertions(+), 29 deletions(-)
|
|
|
e97c83 |
|
|
|
e97c83 |
diff --git a/shim.c b/shim.c
|
|
|
e97c83 |
index 4baf8b1..a282ee3 100644
|
|
|
e97c83 |
--- a/shim.c
|
|
|
e97c83 |
+++ b/shim.c
|
|
|
e97c83 |
@@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list()
|
|
|
e97c83 |
if (efi_status != EFI_SUCCESS)
|
|
|
e97c83 |
DataSize = 0;
|
|
|
e97c83 |
|
|
|
e97c83 |
- FullDataSize = DataSize
|
|
|
e97c83 |
- + sizeof (*CertList)
|
|
|
e97c83 |
- + sizeof (EFI_GUID)
|
|
|
e97c83 |
- + vendor_cert_size
|
|
|
e97c83 |
- ;
|
|
|
e97c83 |
- FullData = AllocatePool(FullDataSize);
|
|
|
e97c83 |
- if (!FullData) {
|
|
|
e97c83 |
- perror(L"Failed to allocate space for MokListRT\n");
|
|
|
e97c83 |
- return EFI_OUT_OF_RESOURCES;
|
|
|
e97c83 |
- }
|
|
|
e97c83 |
- p = FullData;
|
|
|
e97c83 |
+ if (vendor_cert_size) {
|
|
|
e97c83 |
+ FullDataSize = DataSize
|
|
|
e97c83 |
+ + sizeof (*CertList)
|
|
|
e97c83 |
+ + sizeof (EFI_GUID)
|
|
|
e97c83 |
+ + vendor_cert_size
|
|
|
e97c83 |
+ ;
|
|
|
e97c83 |
+ FullData = AllocatePool(FullDataSize);
|
|
|
e97c83 |
+ if (!FullData) {
|
|
|
e97c83 |
+ perror(L"Failed to allocate space for MokListRT\n");
|
|
|
e97c83 |
+ return EFI_OUT_OF_RESOURCES;
|
|
|
e97c83 |
+ }
|
|
|
e97c83 |
+ p = FullData;
|
|
|
e97c83 |
|
|
|
e97c83 |
- if (efi_status == EFI_SUCCESS && DataSize > 0) {
|
|
|
e97c83 |
- CopyMem(p, Data, DataSize);
|
|
|
e97c83 |
- p += DataSize;
|
|
|
e97c83 |
+ if (efi_status == EFI_SUCCESS && DataSize > 0) {
|
|
|
e97c83 |
+ CopyMem(p, Data, DataSize);
|
|
|
e97c83 |
+ p += DataSize;
|
|
|
e97c83 |
+ }
|
|
|
e97c83 |
+ CertList = (EFI_SIGNATURE_LIST *)p;
|
|
|
e97c83 |
+ p += sizeof (*CertList);
|
|
|
e97c83 |
+ CertData = (EFI_SIGNATURE_DATA *)p;
|
|
|
e97c83 |
+ p += sizeof (EFI_GUID);
|
|
|
e97c83 |
+
|
|
|
e97c83 |
+ CertList->SignatureType = EFI_CERT_X509_GUID;
|
|
|
e97c83 |
+ CertList->SignatureListSize = vendor_cert_size
|
|
|
e97c83 |
+ + sizeof (*CertList)
|
|
|
e97c83 |
+ + sizeof (*CertData)
|
|
|
e97c83 |
+ -1;
|
|
|
e97c83 |
+ CertList->SignatureHeaderSize = 0;
|
|
|
e97c83 |
+ CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID);
|
|
|
e97c83 |
+
|
|
|
e97c83 |
+ CertData->SignatureOwner = SHIM_LOCK_GUID;
|
|
|
e97c83 |
+ CopyMem(p, vendor_cert, vendor_cert_size);
|
|
|
e97c83 |
+ } else {
|
|
|
e97c83 |
+ FullDataSize = DataSize;
|
|
|
e97c83 |
+ FullData = Data;
|
|
|
e97c83 |
}
|
|
|
e97c83 |
- CertList = (EFI_SIGNATURE_LIST *)p;
|
|
|
e97c83 |
- p += sizeof (*CertList);
|
|
|
e97c83 |
- CertData = (EFI_SIGNATURE_DATA *)p;
|
|
|
e97c83 |
- p += sizeof (EFI_GUID);
|
|
|
e97c83 |
-
|
|
|
e97c83 |
- CertList->SignatureType = EFI_CERT_X509_GUID;
|
|
|
e97c83 |
- CertList->SignatureListSize = vendor_cert_size
|
|
|
e97c83 |
- + sizeof (*CertList)
|
|
|
e97c83 |
- + sizeof (*CertData)
|
|
|
e97c83 |
- -1;
|
|
|
e97c83 |
- CertList->SignatureHeaderSize = 0;
|
|
|
e97c83 |
- CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID);
|
|
|
e97c83 |
-
|
|
|
e97c83 |
- CertData->SignatureOwner = SHIM_LOCK_GUID;
|
|
|
e97c83 |
- CopyMem(p, vendor_cert, vendor_cert_size);
|
|
|
e97c83 |
|
|
|
e97c83 |
efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT",
|
|
|
e97c83 |
&shim_lock_guid,
|
|
|
e97c83 |
--
|
|
|
e97c83 |
1.9.3
|
|
|
e97c83 |
|