Blame SOURCES/0001-Make-sure-that-MOK-variables-always-get-mirrored.patch

From 9ab0d796bdc9cefdaa3b0df7434845d26c43d894 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Mon, 5 Nov 2018 14:51:16 +0100
Subject: [PATCH 1/3] Make sure that MOK variables always get mirrored
Without this, if a Mok variable doesn't exist in Boot Services, it will also
not be copied to Runtime, even if we have data to be added to it (vendor cert).
This patch makes sure that if we have extra data to append, we still mirror
the variable.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 mok.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/mok.c b/mok.c
index 38675211e0e..00dd1ad3034 100644
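--- a/mok.c
+++ b/mok.c
@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
 		UINT32 attrs = 0;
 		BOOLEAN delete = FALSE, present, addend;
 
+		addend = (v->addend_source && v->addend_size &&
+			  *v->addend_source && *v->addend_size)
+			? TRUE : FALSE;
+
 		efi_status = get_variable_attr(v->name,
 					       &v->data, &v->data_size,
 					       *v->guid, &attrs);
-		if (efi_status == EFI_NOT_FOUND)
+		if (efi_status == EFI_NOT_FOUND) {
+			if (v->rtname && addend) {
+				efi_status = mirror_one_mok_variable(v);
+				if (EFI_ERROR(efi_status) &&
+				    ret != EFI_SECURITY_VIOLATION)
+					ret = efi_status;
+			}
+			/*
+			 * after possibly adding, we can continue, no
+			 * further checks to be done.
+			 */
 			continue;
+		}
 		if (EFI_ERROR(efi_status)) {
 			perror(L"Could not verify %s: %r\n", v->name,
 			       efi_status);
@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
 		}
 
 		present = (v->data && v->data_size) ? TRUE : FALSE;
-		addend = (v->addend_source && v->addend_size &&
-			  *v->addend_source && *v->addend_size)
-			? TRUE : FALSE;
 
 		if (v->flags & MOK_VARIABLE_MEASURE && present) {
 			/*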
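Review bot: In the new `EFI_NOT_FOUND` branch of the first hunk, `mirror_one_mok_variable(v)` runs right after a failed `get_variable_attr()`, so it depends on `v->data` and `v->data_size` being empty at that point, which neither hunk shows. If the helper can leave them untouched on failure, the runtime copy could carry stale bytes alongside the addend; setting `v->data = NULL; v->data_size = 0;` before the call would make the invariant explicit. The `continue` also skips the rest of the loop body, including the `MOK_VARIABLE_MEASURE && present` step visible in the second hunk, so the comment should say why that is safe, for example `/* variable absent in Boot Services: only the addend is mirrored, nothing from the variable to validate or measure */`. The body of `import_mok_state` starts and ends outside both hunks.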
-- 
2.20.1