Linux Security Modules development
 help / color / mirror / Atom feed
* [PATCH] efi: Allow some cert-related UEFI variables to not be present
@ 2020-01-05 17:34 ignat.loskutov
  0 siblings, 0 replies; only message in thread
From: ignat.loskutov @ 2020-01-05 17:34 UTC (permalink / raw)
  To: Mimi Zohar, James Morris, Serge E. Hallyn
  Cc: linux-security-module, Ignat Loskutov

From: Ignat Loskutov <ignat.loskutov@gmail.com>

get_cert_list() prints an error message if no UEFI variable exists with
the given name. However, the calling code doesn't always consider this
an error. Fix by returning silently in this case.

Signed-off-by: Ignat Loskutov <ignat.loskutov@gmail.com>
---
 security/integrity/platform_certs/load_uefi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index 111898aad56e..163ede8d2abc 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -43,6 +43,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
 	void *db;
 
 	status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+	if (status == EFI_NOT_FOUND)
+		return NULL;
 	if (status != EFI_BUFFER_TOO_SMALL) {
 		pr_err("Couldn't get size: 0x%lx\n", status);
 		return NULL;
-- 
2.20.1


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2020-01-05 17:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-01-05 17:34 [PATCH] efi: Allow some cert-related UEFI variables to not be present ignat.loskutov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox