Blame SOURCES/0010-Clarify-meaning-of-insecure_mode.patch

f2fa6b
From d95b24bd02cf41cca9adebd95f10609d6424d2b3 Mon Sep 17 00:00:00 2001
f2fa6b
From: Matthew Garrett <matthew.garrett@nebula.com>
f2fa6b
Date: Tue, 19 Nov 2013 10:09:13 -0500
f2fa6b
Subject: [PATCH 10/19] Clarify meaning of insecure_mode
f2fa6b
f2fa6b
insecure_mode was intended to indicate that the user had explicity disabled
f2fa6b
checks with mokutil, which means it wasn't the opposite of secure_mode().
f2fa6b
Change the names to clarify this and don't show the insecure mode message
f2fa6b
unless the user has explicitly enabled that mode.
f2fa6b
f2fa6b
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
f2fa6b
---
f2fa6b
 replacements.c |  6 ------
f2fa6b
 shim.c         | 12 ++++++------
f2fa6b
 2 files changed, 6 insertions(+), 12 deletions(-)
f2fa6b
f2fa6b
diff --git a/replacements.c b/replacements.c
f2fa6b
index bac5e5d..5ea5c32 100644
f2fa6b
--- a/replacements.c
f2fa6b
+++ b/replacements.c
f2fa6b
@@ -64,13 +64,9 @@ static typeof(systab->BootServices->StartImage) system_start_image;
f2fa6b
 static typeof(systab->BootServices->Exit) system_exit;
f2fa6b
 static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services;
f2fa6b
 
f2fa6b
-extern UINT8 insecure_mode;
f2fa6b
-
f2fa6b
 void
f2fa6b
 unhook_system_services(void)
f2fa6b
 {
f2fa6b
-	if (insecure_mode)
f2fa6b
-		return;
f2fa6b
 	systab->BootServices->Exit = system_exit;
f2fa6b
 	systab->BootServices->StartImage = system_start_image;
f2fa6b
 	systab->BootServices->ExitBootServices = system_exit_boot_services;
f2fa6b
@@ -123,8 +119,6 @@ exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
f2fa6b
 void
f2fa6b
 hook_system_services(EFI_SYSTEM_TABLE *local_systab)
f2fa6b
 {
f2fa6b
-	if (insecure_mode)
f2fa6b
-		return;
f2fa6b
 	systab = local_systab;
f2fa6b
 
f2fa6b
 	/* We need to hook various calls to make this work... */
f2fa6b
diff --git a/shim.c b/shim.c
f2fa6b
index 9ae1936..524f5fc 100644
f2fa6b
--- a/shim.c
f2fa6b
+++ b/shim.c
f2fa6b
@@ -85,7 +85,7 @@ int loader_is_participating;
f2fa6b
 
f2fa6b
 #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
f2fa6b
 
f2fa6b
-UINT8 insecure_mode;
f2fa6b
+UINT8 user_insecure_mode;
f2fa6b
 UINT8 ignore_db;
f2fa6b
 
f2fa6b
 typedef enum {
f2fa6b
@@ -456,7 +456,7 @@ static BOOLEAN secure_mode (void)
f2fa6b
 	UINT8 *Data;
f2fa6b
 	UINT8 sb, setupmode;
f2fa6b
 
f2fa6b
-	if (insecure_mode)
f2fa6b
+	if (user_insecure_mode)
f2fa6b
 		return FALSE;
f2fa6b
 
f2fa6b
 	status = get_variable(L"SecureBoot", &Data, &len, global_var);
f2fa6b
@@ -1534,7 +1534,7 @@ static EFI_STATUS check_mok_sb (void)
f2fa6b
 	UINTN MokSBStateSize = 0;
f2fa6b
 	UINT32 attributes;
f2fa6b
 
f2fa6b
-	insecure_mode = 0;
f2fa6b
+	user_insecure_mode = 0;
f2fa6b
 	ignore_db = 0;
f2fa6b
 
f2fa6b
 	status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize,
f2fa6b
@@ -1555,7 +1555,7 @@ static EFI_STATUS check_mok_sb (void)
f2fa6b
 		status = EFI_ACCESS_DENIED;
f2fa6b
 	} else {
f2fa6b
 		if (*(UINT8 *)MokSBState == 1) {
f2fa6b
-			insecure_mode = 1;
f2fa6b
+			user_insecure_mode = 1;
f2fa6b
 		}
f2fa6b
 	}
f2fa6b
 
f2fa6b
@@ -1753,10 +1753,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
f2fa6b
 	/*
f2fa6b
 	 * Tell the user that we're in insecure mode if necessary
f2fa6b
 	 */
f2fa6b
-	if (!secure_mode()) {
f2fa6b
+	if (user_insecure_mode) {
f2fa6b
 		Print(L"Booting in insecure mode\n");
f2fa6b
 		uefi_call_wrapper(BS->Stall, 1, 2000000);
f2fa6b
-	} else {
f2fa6b
+	} else if (secure_mode()) {
f2fa6b
 		/*
f2fa6b
 		 * Install our hooks for ExitBootServices() and StartImage()
f2fa6b
 		 */
f2fa6b
-- 
f2fa6b
1.8.5.3
f2fa6b