security_policy: don't allow internal hash to override dbx

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
author: James Bottomley <JBottomley@Parallels.com> 2013-01-07 17:40:10 +0000
committer: James Bottomley <JBottomley@Parallels.com> 2013-01-07 17:40:10 +0000
commit: 99772ec5e09f1994984f1734f9cbb1107ddbdf5e (patch)
tree: f439e8cb2065ff888e9c23b201871630e6b67daf
parent: 352b6d724551f6cd4d0877c49c3de5123b93ebfd (diff)
download: efitools-99772ec5e09f1994984f1734f9cbb1107ddbdf5e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/security_policy.c b/lib/security_policy.c
index c6f242f..31f5834 100644
--- a/lib/security_policy.c
+++ b/lib/security_policy.c
@@ -81,7 +81,7 @@ security_policy_check_mok(void *data, UINTN len)
 	if (find_in_variable_esl(L"dbx", SIG_DB, hash, SHA256_DIGEST_SIZE)
 	    == EFI_SUCCESS)
 		/* MOK list cannot override dbx */
-		goto check_tmplist;
+		return EFI_SECURITY_VIOLATION;
 
 	status = get_variable_attr(L"MokList", &VarData, &VarLen, MOK_OWNER,
 				   &attr);
author	James Bottomley <JBottomley@Parallels.com>	2013-01-07 17:40:10 +0000
committer	James Bottomley <JBottomley@Parallels.com>	2013-01-07 17:40:10 +0000
commit	99772ec5e09f1994984f1734f9cbb1107ddbdf5e (patch)
tree	f439e8cb2065ff888e9c23b201871630e6b67daf
parent	352b6d724551f6cd4d0877c49c3de5123b93ebfd (diff)
download	efitools-99772ec5e09f1994984f1734f9cbb1107ddbdf5e.tar.gz