arrfab / rpms / shim

Forked from rpms/shim 4 years ago
Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta
  1.   c7-aarch64
  2.   SOURCES
  3.   0065-Don-t-append-an-empty-cert-list-to-MokListRT-if-vend.patch
Blob Blame History Raw 
From f14119502ee3301e1ae80b5ab7fbe1ba46580e23 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 1 Oct 2014 22:47:20 -0400
Subject: [PATCH 65/74] Don't append an empty cert list to MokListRT if
 vendor_cert_size is 0.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 shim.c | 63 ++++++++++++++++++++++++++++++++++-----------------------------
 1 file changed, 34 insertions(+), 29 deletions(-)

diff --git a/shim.c b/shim.c
index 4baf8b1..a282ee3 100644
--- a/shim.c
+++ b/shim.c
@@ -1698,37 +1698,42 @@ EFI_STATUS mirror_mok_list()
 	if (efi_status != EFI_SUCCESS)
 		DataSize = 0;
 
-	FullDataSize = DataSize
-		     + sizeof (*CertList)
-		     + sizeof (EFI_GUID)
-		     + vendor_cert_size
-		     ;
-	FullData = AllocatePool(FullDataSize);
-	if (!FullData) {
-		perror(L"Failed to allocate space for MokListRT\n");
-		return EFI_OUT_OF_RESOURCES;
-	}
-	p = FullData;
+	if (vendor_cert_size) {
+		FullDataSize = DataSize
+			     + sizeof (*CertList)
+			     + sizeof (EFI_GUID)
+			     + vendor_cert_size
+			     ;
+		FullData = AllocatePool(FullDataSize);
+		if (!FullData) {
+			perror(L"Failed to allocate space for MokListRT\n");
+			return EFI_OUT_OF_RESOURCES;
+		}
+		p = FullData;
 
-	if (efi_status == EFI_SUCCESS && DataSize > 0) {
-		CopyMem(p, Data, DataSize);
-		p += DataSize;
+		if (efi_status == EFI_SUCCESS && DataSize > 0) {
+			CopyMem(p, Data, DataSize);
+			p += DataSize;
+		}
+		CertList = (EFI_SIGNATURE_LIST *)p;
+		p += sizeof (*CertList);
+		CertData = (EFI_SIGNATURE_DATA *)p;
+		p += sizeof (EFI_GUID);
+
+		CertList->SignatureType = EFI_CERT_X509_GUID;
+		CertList->SignatureListSize = vendor_cert_size
+					      + sizeof (*CertList)
+					      + sizeof (*CertData)
+					      -1;
+		CertList->SignatureHeaderSize = 0;
+		CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID);
+
+		CertData->SignatureOwner = SHIM_LOCK_GUID;
+		CopyMem(p, vendor_cert, vendor_cert_size);
+	} else {
+		FullDataSize = DataSize;
+		FullData = Data;
 	}
-	CertList = (EFI_SIGNATURE_LIST *)p;
-	p += sizeof (*CertList);
-	CertData = (EFI_SIGNATURE_DATA *)p;
-	p += sizeof (EFI_GUID);
-
-	CertList->SignatureType = EFI_CERT_X509_GUID;
-	CertList->SignatureListSize = vendor_cert_size
-				      + sizeof (*CertList)
-				      + sizeof (*CertData)
-				      -1;
-	CertList->SignatureHeaderSize = 0;
-	CertList->SignatureSize = vendor_cert_size + sizeof (EFI_GUID);
-
-	CertData->SignatureOwner = SHIM_LOCK_GUID;
-	CopyMem(p, vendor_cert, vendor_cert_size);
 
 	efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokListRT",
 				       &shim_lock_guid,
-- 
1.9.3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation