Blame SOURCES/0039-Explain-the-logic-in-secure_mode-better.patch
|
 |
e97c83 |
From 86173dba42ad5ae002ac99cc515e60104da2245c Mon Sep 17 00:00:00 2001
|
|
|
e97c83 |
From: Peter Jones <pjones@redhat.com>
|
|
|
e97c83 |
Date: Wed, 25 Jun 2014 10:46:19 -0400
|
|
|
e97c83 |
Subject: [PATCH 39/74] Explain the logic in secure_mode() better.
|
|
|
e97c83 |
|
|
|
e97c83 |
I was getting confused reading it, and I wrote it, so clearly it needs
|
|
|
e97c83 |
more commentry.
|
|
|
e97c83 |
|
|
|
e97c83 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
e97c83 |
---
|
|
|
e97c83 |
shim.c | 6 ++++++
|
|
|
e97c83 |
1 file changed, 6 insertions(+)
|
|
|
e97c83 |
|
|
|
e97c83 |
diff --git a/shim.c b/shim.c
|
|
|
e97c83 |
index 72d6072..210e778 100644
|
|
|
e97c83 |
--- a/shim.c
|
|
|
e97c83 |
+++ b/shim.c
|
|
|
e97c83 |
@@ -499,6 +499,12 @@ static BOOLEAN secure_mode (void)
|
|
|
e97c83 |
return FALSE;
|
|
|
e97c83 |
}
|
|
|
e97c83 |
|
|
|
e97c83 |
+ /* If we /do/ have "SecureBoot", but /don't/ have "SetupMode",
|
|
|
e97c83 |
+ * then the implementation is bad, but we assume that secure boot is
|
|
|
e97c83 |
+ * enabled according to the status of "SecureBoot". If we have both
|
|
|
e97c83 |
+ * of them, then "SetupMode" may tell us additional data, and we need
|
|
|
e97c83 |
+ * to consider it.
|
|
|
e97c83 |
+ */
|
|
|
e97c83 |
status = get_variable(L"SetupMode", &Data, &len, global_var);
|
|
|
e97c83 |
if (status != EFI_SUCCESS)
|
|
|
e97c83 |
return TRUE;
|
|
|
e97c83 |
--
|
|
|
e97c83 |
1.9.3
|
|
|
e97c83 |
|