|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 1/2] common/efi: bail if dom0 fails the shim verification step
From: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
If the shim protocol is located it is expected that the dom0 kernel image
will also pass the shim verification.
Signed-off-by: Tamas K Lengyel <lengyelt@xxxxxxxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/common/efi/boot.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 01d33004e0..a3a439b838 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -1226,9 +1226,13 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE
*SystemTable)
efi_bs->FreePool(name.w);
if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,
- (void **)&shim_lock)) &&
- (status = shim_lock->Verify(kernel.ptr, kernel.size)) !=
EFI_SUCCESS )
- PrintErrMesg(L"Dom0 kernel image could not be verified", status);
+ (void **)&shim_lock)))
+ {
+ if ( shim_lock->Verify(kernel.ptr, kernel.size) != EFI_SUCCESS )
+ blexit(L"Dom0 kernel image could not be verified by the
shim.");
+
+ PrintStr(L"Dom0 kernel image was verified by the shim.\r\n");
+ }
name.s = get_value(&cfg, section.s, "ramdisk");
if ( name.s )
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |