[PATCH] efi: Allow some cert-related UEFI variables to not be present
ignat.loskutov at gmail.com
ignat.loskutov at gmail.com
Sun Jan 5 17:34:24 UTC 2020
From: Ignat Loskutov <ignat.loskutov at gmail.com>
get_cert_list() prints an error message if no UEFI variable exists with
the given name. However, the calling code doesn't always consider this
an error. Fix by returning silently in this case.
Signed-off-by: Ignat Loskutov <ignat.loskutov at gmail.com>
---
security/integrity/platform_certs/load_uefi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index 111898aad56e..163ede8d2abc 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -43,6 +43,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
void *db;
status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status == EFI_NOT_FOUND)
+ return NULL;
if (status != EFI_BUFFER_TOO_SMALL) {
pr_err("Couldn't get size: 0x%lx\n", status);
return NULL;
--
2.20.1
More information about the Linux-security-module-archive
mailing list