From 86173dba42ad5ae002ac99cc515e60104da2245c Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 25 Jun 2014 10:46:19 -0400 Subject: [PATCH 39/74] Explain the logic in secure_mode() better. I was getting confused reading it, and I wrote it, so clearly it needs more commentry. Signed-off-by: Peter Jones --- shim.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/shim.c b/shim.c index 72d6072..210e778 100644 --- a/shim.c +++ b/shim.c @@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void) return FALSE; } + /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode", + * then the implementation is bad, but we assume that secure boot is + * enabled according to the status of "SecureBoot". If we have both + * of them, then "SetupMode" may tell us additional data, and we need + * to consider it. + */ status = get_variable(L"SetupMode", &Data, &len, global_var); if (status != EFI_SUCCESS) return TRUE; -- 1.9.3