Blame SOURCES/0020-Make-sure-that-MOK-variables-always-get-mirrored.patch

d84fc6
From ac0400b20264ef67b67891d2216edd3fe20e5571 Mon Sep 17 00:00:00 2001
d84fc6
From: Patrick Uiterwijk <patrick@puiterwijk.org>
d84fc6
Date: Mon, 5 Nov 2018 14:51:16 +0100
d84fc6
Subject: [PATCH 20/62] Make sure that MOK variables always get mirrored
d84fc6
d84fc6
Without this, if a Mok variable doesn't exist in Boot Services, it will also
d84fc6
not be copied to Runtime, even if we have data to be added to it (vendor cert).
d84fc6
This patch makes sure that if we have extra data to append, we still mirror
d84fc6
the variable.
d84fc6
d84fc6
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
d84fc6
Upstream-commit-id: 9ab0d796bdc
d84fc6
---
d84fc6
 mok.c | 20 ++++++++++++++++----
d84fc6
 1 file changed, 16 insertions(+), 4 deletions(-)
d84fc6
d84fc6
diff --git a/mok.c b/mok.c
d84fc6
index 38675211e0e..00dd1ad3034 100644
d84fc6
--- a/mok.c
d84fc6
+++ b/mok.c
d84fc6
@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
d84fc6
 		UINT32 attrs = 0;
d84fc6
 		BOOLEAN delete = FALSE, present, addend;
d84fc6
 
d84fc6
+		addend = (v->addend_source && v->addend_size &&
d84fc6
+			  *v->addend_source && *v->addend_size)
d84fc6
+			? TRUE : FALSE;
d84fc6
+
d84fc6
 		efi_status = get_variable_attr(v->name,
d84fc6
 					       &v->data, &v->data_size,
d84fc6
 					       *v->guid, &attrs);
d84fc6
-		if (efi_status == EFI_NOT_FOUND)
d84fc6
+		if (efi_status == EFI_NOT_FOUND) {
d84fc6
+			if (v->rtname && addend) {
d84fc6
+				efi_status = mirror_one_mok_variable(v);
d84fc6
+				if (EFI_ERROR(efi_status) &&
d84fc6
+				    ret != EFI_SECURITY_VIOLATION)
d84fc6
+					ret = efi_status;
d84fc6
+			}
d84fc6
+			/*
d84fc6
+			 * after possibly adding, we can continue, no
d84fc6
+			 * further checks to be done.
d84fc6
+			 */
d84fc6
 			continue;
d84fc6
+		}
d84fc6
 		if (EFI_ERROR(efi_status)) {
d84fc6
 			perror(L"Could not verify %s: %r\n", v->name,
d84fc6
 			       efi_status);
d84fc6
@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
d84fc6
 		}
d84fc6
 
d84fc6
 		present = (v->data && v->data_size) ? TRUE : FALSE;
d84fc6
-		addend = (v->addend_source && v->addend_size &&
d84fc6
-			  *v->addend_source && *v->addend_size)
d84fc6
-			? TRUE : FALSE;
d84fc6
 
d84fc6
 		if (v->flags & MOK_VARIABLE_MEASURE && present) {
d84fc6
 			/*
d84fc6
-- 
d84fc6
2.26.2
d84fc6