Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
shim-susesigned.20757
shim-bsc1185441-fix-handling-of-ignore_db-and-u...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch of Package shim-susesigned.20757
From 822d07ad4f07ef66fe447a130e1027c88d02a394 Mon Sep 17 00:00:00 2001 From: Adam Williamson <awilliam@redhat.com> Date: Thu, 8 Apr 2021 22:39:02 -0700 Subject: [PATCH] Fix handling of ignore_db and user_insecure_mode In 65be350308783a8ef537246c8ad0545b4e6ad069, import_mok_state() is split up into a function that manages the whole mok state, and one that handles the state machine for an individual state variable. Unfortunately, the code that initializes the global ignore_db and user_insecure_mode was copied from import_mok_state() into the new import_one_mok_state() function, and thus re-initializes that state each time it processes a MoK state variable, before even assessing if that variable is set. As a result, we never honor either flag, and the machine owner cannot disable trusting the system firmware's db/dbx databases or disable validation altogether. This patch removes the extra re-initialization, allowing those variables to be set properly. Signed-off-by: Adam Williamson <awilliam@redhat.com> --- mok.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/mok.c b/mok.c index 5ad9072b..9e37d6ab 100644 --- a/mok.c +++ b/mok.c @@ -888,9 +888,6 @@ EFI_STATUS import_one_mok_state(struct mok_state_variable *v, EFI_STATUS ret = EFI_SUCCESS; EFI_STATUS efi_status; - user_insecure_mode = 0; - ignore_db = 0; - UINT32 attrs = 0; BOOLEAN delete = FALSE; -- 2.31.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor