grub2/0198-Add-some-grub_dprintf-in-the-secure-boot-verify-code.patch
Peter Jones da63b36ca7 Rebase to newer upstream and fix pmtimer.
- Rebase to current master
- Fix pmtimer calibration to not take forever to fail on kvm.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-01-17 15:41:44 -05:00

44 lines
1.4 KiB
Diff

From 0645ca1fc027741ae0d258a810a2a340b22785fc Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 9 May 2016 14:15:17 -0400
Subject: [PATCH 198/225] Add some grub_dprintf() in the secure boot verify
code.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
grub-core/loader/efi/linux.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 2a7024134..7fe7201a3 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -43,12 +43,22 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
shim_lock = grub_efi_locate_protocol(&guid, NULL);
grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
if (!shim_lock)
- return 0;
+ {
+ grub_dprintf ("secureboot", "shim not available\n");
+ return 0;
+ }
- status = shim_lock->verify(data, size);
+ grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n");
+ status = shim_lock->verify (data, size);
grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status);
if (status == GRUB_EFI_SUCCESS)
- return 1;
+ {
+ grub_dprintf ("secureboot", "Kernel signature verification passed\n");
+ return 1;
+ }
+
+ grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n",
+ (unsigned long) status);
return -1;
}
--
2.14.3