[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/2] common/efi: bail if dom0 fails the shim verification step

>>> On 20.09.17 at 22:57, <tamas@xxxxxxxxxxxxx> wrote:
> --- a/xen/common/efi/boot.c
> +++ b/xen/common/efi/boot.c
> @@ -1226,9 +1226,13 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE 
> *SystemTable)
>          efi_bs->FreePool(name.w);
>  
>          if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,
> -                        (void **)&shim_lock)) &&
> -             (status = shim_lock->Verify(kernel.ptr, kernel.size)) != 
> EFI_SUCCESS )
> -            PrintErrMesg(L"Dom0 kernel image could not be verified", status);
> +                        (void **)&shim_lock)))
> +        {
> +            if  ( shim_lock->Verify(kernel.ptr, kernel.size) != EFI_SUCCESS )
> +                blexit(L"Dom0 kernel image could not be verified by the 
> shim.");
> +
> +            PrintStr(L"Dom0 kernel image was verified by the shim.\r\n");
> +        }

So what is the actual behavioral change you're trying to
accomplish? PrintErrMesg() already calls blexit(), and I hope
sure the purpose of the change is neither to open code
anything, nor to drop the printing of the error code. And I
don't see any value in the success case message - it'll be
visible for a very brief moment at best anyway.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.