
Re: [Xen-devel] [PATCH 1/2] common/efi: bail if dom0 fails the shim verification step



On Thu, Sep 21, 2017 at 7:03 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
>>>> On 20.09.17 at 22:57, <tamas@xxxxxxxxxxxxx> wrote:
>> --- a/xen/common/efi/boot.c
>> +++ b/xen/common/efi/boot.c
>> @@ -1226,9 +1226,13 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE 
>> *SystemTable)
>>          efi_bs->FreePool(name.w);
>>
>>          if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,
>> -                        (void **)&shim_lock)) &&
>> -             (status = shim_lock->Verify(kernel.ptr, kernel.size)) != 
>> EFI_SUCCESS )
>> -            PrintErrMesg(L"Dom0 kernel image could not be verified", 
>> status);
>> +                        (void **)&shim_lock)))
>> +        {
>> +            if  ( shim_lock->Verify(kernel.ptr, kernel.size) != EFI_SUCCESS 
>> )
>> +                blexit(L"Dom0 kernel image could not be verified by the 
>> shim.");
>> +
>> +            PrintStr(L"Dom0 kernel image was verified by the shim.\r\n");
>> +        }
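Review bot: the added `if  ( shim_lock->Verify(kernel.ptr, kernel.size) != EFI_SUCCESS )` no longer stores the return value in `status`, so the failure path calls blexit() with a fixed string and loses the EFI status code that the removed `PrintErrMesg(L"Dom0 kernel image could not be verified", status)` call was given. Suggest keeping `status = shim_lock->Verify(...)` and passing it to PrintErrMesg(), so a failed verification still reports why it failed; if the only goal is the new success message, the PrintStr() line can be added without restructuring the condition. Minor style point: `if  (` has two spaces after `if`.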
>
> So what is the actual behavioral change you're trying to
> accomplish? PrintErrMesg() already calls blexit(),

Indeed, I've somehow missed that. Sorry for the noise.

Tamas

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
