From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 13 Feb 2014 14:32:18 +0800
Subject: [PATCH 1/3] Be more verbose while skipping a key
Signed-off-by: Gary Ching-Pang Lin
---
 src/mokutil.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..3655b92 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- printf ("Skip %s\n", files[i]);
+ printf ("%s is already enrolled or in %s request\n", files[i],
+ import?"an enrollment":"a deletion");
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
 
-- 
1.8.4.5
From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Mon, 24 Mar 2014 14:48:53 +0800
Subject: [PATCH 2/3] Show more details when skipping a key
Signed-off-by: Gary Ching-Pang Lin
---
 src/mokutil.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 3655b92..cd039f0 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
 return 0;
 }
 
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+ uint8_t import)
+{
+ if (import) {
+ if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in PK\n", filename);
+ else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in KEK\n", filename);
+ else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ printf ("SKIP: %s is already in db\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already enrolled\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the enrollement request\n", filename);
+ } else {
+ if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is not in MokList\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the deletion request\n", filename);
+ }
+}
+
 static int
 issue_mok_request (char **files, uint32_t total, MokRequest req,
 const char *hash_file, const int root_pw)
@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- printf ("%s is already enrolled or in %s request\n", files[i],
- import?"an enrollment":"a deletion");
+ print_skip_message (files[i], ptr, sizes[i], import);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
 
-- 
1.8.4.5
From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Mon, 24 Mar 2014 16:27:06 +0800
Subject: [PATCH 3/3] Merge MokX for print_skip_message()
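Review bot: print_skip_message() prints nothing when none of its is_duplicate() checks match: neither the `if (import)` branch nor the `else` branch ends in a plain `else`, yet the caller has already decided to skip the file. For a tool that queues Secure Boot keys, a silent skip can leave an administrator believing a certificate was submitted when it was not; the check that makes the skip decision is outside the hunk, so whether every skip reason is covered here cannot be confirmed from it. A closing fallback in each branch, `else printf ("SKIP: %s\n", filename);`, keeps every skip visible. The switch-based rewrite of this function in PATCH 3/3 has the same gap, and its `switch` has no `default:`. The MokNew message also misspells "enrollment" as "enrollement".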
Signed-off-by: Gary Ching-Pang Lin
---
 src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..492dffc 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
 
 static void
 print_skip_message (const char *filename, void *mok, uint32_t mok_size,
- uint8_t import)
+ MokRequest req)
 {
- if (import) {
- if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ efi_guid_t type = EfiCertX509Guid;
+
+ switch (req) {
+ case ENROLL_MOK:
+ if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK"))
 printf ("SKIP: %s is already in PK\n", filename);
- else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ else if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "KEK"))
 printf ("SKIP: %s is already in KEK\n", filename);
- else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ else if (is_duplicate (type, mok, mok_size, EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
 printf ("SKIP: %s is already in db\n", filename);
- else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
 printf ("SKIP: %s is already enrolled\n", filename);
- else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokNew"))
 printf ("SKIP: %s is already in the enrollement request\n", filename);
- } else {
- if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ break;
+ case DELETE_MOK:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
 printf ("SKIP: %s is not in MokList\n", filename);
- else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokDel"))
 printf ("SKIP: %s is already in the deletion request\n", filename);
+ break;
+ case ENROLL_BLACKLIST:
+ if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is already in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXNew"))
+ printf ("SKIP: %s is already in the MokX enrollment request\n", filename);
+ break;
+ case DELETE_BLACKLIST:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is not in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXDel"))
+ printf ("SKIP: %s is already in the MokX deletion request\n", filename);
+ break;
 }
 }
 
@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- print_skip_message (files[i], ptr, sizes[i], req);
+ print_skip_message (files[i], ptr, sizes[i], req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
 
-- 
1.8.4.5
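Review bot: The new local `efi_guid_t type = EfiCertX509Guid;` at the top of print_skip_message() pins every lookup to X.509 entries, and nothing in the hunk records why that is safe. The code that decides to skip and the type it used are outside the hunk, so this is inferred, but if the caller's decision was made with a different signature type, none of these is_duplicate() calls would match and the skip reason would be missing or wrong. I would either pass the type in from issue_mok_request() alongside `req`, or, if the helper is only ever reached with certificates, say so in a comment above the declaration such as `/* only X.509 certificates reach this helper */` once that is confirmed. On a Secure Boot key tool the printed reason is what the operator acts on, so it should come from the same inputs as the decision.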