author | James Bottomley <JBottomley@Parallels.com> | 2013-01-07 17:40:10 +0000 |
---|---|---|
committer | James Bottomley <JBottomley@Parallels.com> | 2013-01-07 17:40:10 +0000 |
commit | 99772ec5e09f1994984f1734f9cbb1107ddbdf5e (patch) | |
tree | f439e8cb2065ff888e9c23b201871630e6b67daf | |
parent | 352b6d724551f6cd4d0877c49c3de5123b93ebfd (diff) | |
download | efitools-99772ec5e09f1994984f1734f9cbb1107ddbdf5e.tar.gz |
security_policy: don't allow internal hash to override dbx
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r-- | lib/security_policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/security_policy.c b/lib/security_policy.c
index c6f242f..31f5834 100644
--- a/lib/security_policy.c
+++ b/lib/security_policy.c
@@ -81,7 +81,7 @@ security_policy_check_mok(void *data, UINTN len)
 if (find_in_variable_esl(L"dbx", SIG_DB, hash, SHA256_DIGEST_SIZE) == EFI_SUCCESS) /* MOK list cannot override dbx */
- goto check_tmplist;
+ return EFI_SECURITY_VIOLATION;
 status = get_variable_attr(L"MokList", &VarData, &VarLen, MOK_OWNER, &attr); |
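Review bot: The dbx lookup still treats every result other than `EFI_SUCCESS` as "not revoked", so if `find_in_variable_esl` can fail for a reason other than the hash being absent (its return codes are not visible in this hunk), a revoked image would fall through to the MokList check. Consider keeping the result, e.g. `status = find_in_variable_esl(L"dbx", SIG_DB, hash, SHA256_DIGEST_SIZE);` then `if (status == EFI_SUCCESS) return EFI_SECURITY_VIOLATION;`, and rejecting unexpected errors while still allowing a plain not-found result. The comment above the new return also undersells the rule now; something like `/* neither MokList nor the internal hash list may override dbx */` would match the commit title. The body of security_policy_check_mok starts and ends outside the hunk, so the error handling after this point could not be checked.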