From: Peter Jones Date: Mon, 2 Oct 2017 18:25:29 -0400 Subject: [PATCH 6/7] Make get_cert_list() not complain about cert lists that aren't present. Origin: https://git.kernel.org/pub/scm/linux/kernel/git/jforbes/linux.git/commit/?id=0f4d5c7b49b45e7cf038bb769e33451b78a6445d Signed-off-by: Peter Jones --- certs/load_uefi.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) Index: linux/certs/load_uefi.c =================================================================== --- linux.orig/certs/load_uefi.c +++ linux/certs/load_uefi.c @@ -35,8 +35,8 @@ static __init bool uefi_check_ignore_db( /* * Get a certificate list blob from the named EFI variable. */ -static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, - unsigned long *size) +static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid, + unsigned long *size, void **cert_list) { efi_status_t status; unsigned long lsize = 4; @@ -44,26 +44,33 @@ static __init void *get_cert_list(efi_ch void *db; status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); + if (status == EFI_NOT_FOUND) { + *size = 0; + *cert_list = NULL; + return 0; + } + if (status != EFI_BUFFER_TOO_SMALL) { pr_err("Couldn't get size: 0x%lx\n", status); - return NULL; + return efi_status_to_err(status); } db = kmalloc(lsize, GFP_KERNEL); if (!db) { pr_err("Couldn't allocate memory for uefi cert list\n"); - return NULL; + return -ENOMEM; } status = efi.get_variable(name, guid, NULL, &lsize, db); if (status != EFI_SUCCESS) { kfree(db); pr_err("Error reading db var: 0x%lx\n", status); - return NULL; + return efi_status_to_err(status); } *size = lsize; - return db; + *cert_list = db; + return 0; } /* @@ -152,10 +159,10 @@ static int __init load_uefi_certs(void) * an error if we can't get them. */ if (!uefi_check_ignore_db()) { - db = get_cert_list(L"db", &secure_var, &dbsize); - if (!db) { + rc = get_cert_list(L"db", &secure_var, &dbsize, &db); + if (rc < 0) { pr_err("MODSIGN: Couldn't get UEFI db list\n"); - } else { + } else if (dbsize != 0) { rc = parse_efi_signature_list("UEFI:db", db, dbsize, get_handler_for_db); if (rc) @@ -164,10 +171,10 @@ static int __init load_uefi_certs(void) } } - mok = get_cert_list(L"MokListRT", &mok_var, &moksize); - if (!mok) { + rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok); + if (rc < 0) { pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); - } else { + } else if (moksize != 0) { rc = parse_efi_signature_list("UEFI:MokListRT", mok, moksize, get_handler_for_db); if (rc) @@ -175,10 +182,10 @@ static int __init load_uefi_certs(void) kfree(mok); } - dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); - if (!dbx) { + rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx); + if (rc < 0) { pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); - } else { + } else if (dbxsize != 0) { rc = parse_efi_signature_list("UEFI:dbx", dbx, dbxsize, get_handler_for_dbx);