pool/shim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
shim/shim-bsc1185261-relax-import_mok_state-check.patch
Gary Ching-Pang Lin 7f83b4b531 Accepting request 894182 from home:gary_lin:branches:devel:openSUSE:Factory 
- shim-install: instead of assuming "removable" for Azure, remove
  fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by
  efibootmgr (bsc#1185464, bsc#1185961)

- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)

OBS-URL: https://build.opensuse.org/request/show/894182
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=181
2021-05-19 01:26:58 +00:00

58 lines
2.1 KiB
Diff
Raw Blame History

From 3e33205b9c957624df7e30a2e5e2847f23d37989 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 11 May 2021 10:41:43 +0800
Subject: [PATCH] Relax the check for import_mok_state()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
An openSUSE user reported(*) that shim 15.4 failed to boot the system
with the following message:
"Could not create MokListXRT: Out of Resources"
In the beginning, I thought it's caused by the growing size of
vendor-dbx. However, we found the following messages after set
SHIM_VERBOSE:
max_var_sz:8000 remaining_sz:85EC max_storage_sz:9000
SetVariable(“MokListXRT”, ... varsz=0x1404) = Out of Resources
Even though the firmware claimed the remaining storage size is 0x85EC,
it still rejected MokListXRT with size 0x1404. It seems that the return
values from QueryVariableInfo() are not reliable. Since this firmware
didn't really support Secure Boot, the variable mirroring is not so
critical, so we can just accept the failure of import_mok_state() and
continue boot.
(*) https://bugzilla.suse.com/show_bug.cgi?id=1185261
Signed-off-by: Gary Lin <glin@suse.com>
---
shim.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index c5cfbb83..d38ae2f0 100644
--- a/shim.c
+++ b/shim.c
@@ -1973,10 +1973,13 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
* boot-services-only state variables are what we think they are.
*/
efi_status = import_mok_state(image_handle);
- if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
+ if (!secure_mode() &&
+ (efi_status == EFI_INVALID_PARAMETER ||
+ efi_status == EFI_OUT_OF_RESOURCES)) {
/*
* Make copy failures fatal only if secure_mode is enabled, or
- * the error was anything else than EFI_INVALID_PARAMETER.
+ * the error was anything else than EFI_INVALID_PARAMETER or
+ * EFI_OUT_OF_RESOURCES.
* There are non-secureboot firmware implementations that don't
* reserve enough EFI variable memory to fit the variable.
*/
--
2.31.1
Reference in New Issue View Git Blame Copy Permalink