Blame SOURCES/0209-grub-core-loader-efi-linux.c-drop-now-unused-grub_li.patch

fd0330
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
fd0330
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
fd0330
Date: Fri, 4 Mar 2022 11:36:09 +0100
fd0330
Subject: [PATCH] grub-core/loader/efi/linux.c: drop now unused
fd0330
 grub_linuxefi_secure_validate
fd0330
fd0330
Drop the now unused grub_linuxefi_secure_validate() as all prior users
fd0330
of this API now rely on the shim-lock-verifier codepath instead.
fd0330
fd0330
This patch must not be ported to older editions of grub code bases
fd0330
that do not have verifiers framework, or it is not builtin, or
fd0330
shim-lock-verifier is an optional module.
fd0330
fd0330
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
fd0330
---
fd0330
 grub-core/loader/efi/linux.c | 40 ----------------------------------------
fd0330
 include/grub/efi/linux.h     |  2 --
fd0330
 2 files changed, 42 deletions(-)
fd0330
fd0330
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
fd0330
index 9260731c10..9265cf4200 100644
fd0330
--- a/grub-core/loader/efi/linux.c
fd0330
+++ b/grub-core/loader/efi/linux.c
fd0330
@@ -24,46 +24,6 @@
fd0330
 #include <grub/efi/pe32.h>
fd0330
 #include <grub/efi/linux.h>
fd0330
 
fd0330
-#define SHIM_LOCK_GUID \
fd0330
- { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
fd0330
-
fd0330
-struct grub_efi_shim_lock
fd0330
-{
fd0330
-  grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
fd0330
-};
fd0330
-typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
fd0330
-
fd0330
-// Returns 1 on success, -1 on error, 0 when not available
fd0330
-int
fd0330
-grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
fd0330
-{
fd0330
-  grub_efi_guid_t guid = SHIM_LOCK_GUID;
fd0330
-  grub_efi_shim_lock_t *shim_lock;
fd0330
-  grub_efi_status_t status;
fd0330
-
fd0330
-  shim_lock = grub_efi_locate_protocol(&guid, NULL);
fd0330
-  grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
fd0330
-  if (!shim_lock)
fd0330
-    {
fd0330
-      grub_dprintf ("secureboot", "shim not available\n");
fd0330
-      return 0;
fd0330
-    }
fd0330
-
fd0330
-  grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n");
fd0330
-  status = shim_lock->verify (data, size);
fd0330
-  grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", (long int)status);
fd0330
-  if (status == GRUB_EFI_SUCCESS)
fd0330
-    {
fd0330
-      grub_dprintf ("secureboot", "Kernel signature verification passed\n");
fd0330
-      return 1;
fd0330
-    }
fd0330
-
fd0330
-  grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n",
fd0330
-		(unsigned long) status);
fd0330
-
fd0330
-  return -1;
fd0330
-}
fd0330
-
fd0330
 #pragma GCC diagnostic push
fd0330
 #pragma GCC diagnostic ignored "-Wcast-align"
fd0330
 
fd0330
diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h
fd0330
index 0033d9305a..887b02fd9f 100644
fd0330
--- a/include/grub/efi/linux.h
fd0330
+++ b/include/grub/efi/linux.h
fd0330
@@ -22,8 +22,6 @@
fd0330
 #include <grub/err.h>
fd0330
 #include <grub/symbol.h>
fd0330
 
fd0330
-int
fd0330
-EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size);
fd0330
 grub_err_t
fd0330
 EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,
fd0330
 				  void *kernel_param);