Hi Heinrich
[...]
> >> - if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) {
> >> - vendor = &efi_global_variable_guid;
> >> - } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
> >> - vendor = &efi_guid_image_security_database;
> >> - } else {
> >> + vendor = efi_auth_var_get_guid(name);
> >> + if (!vendor) {
> >> EFI_PRINT("unknown signature database, %ls\n", name);
> >> return NULL;
> >> }
> >
> > efi_auth_var_get_guid() will return &efi_global_variable_guid if the
> > GUID for the variable name isn't found.
>
> Hello Ilias, that is on purpose. In nevedit_efi we need a default GUID.
> I want to reuse the same function there in future.
>
> Best regards
Then I guess the check can go away ?
>
> Heinrich
>
> >
> >>
> >> - /* retrieve variable data */
> >> - db_size = 0;
> >> - ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
> >> - if (ret == EFI_NOT_FOUND) {
> >> - EFI_PRINT("variable, %ls, not found\n", name);
> >> - sigstore = calloc(sizeof(*sigstore), 1);
> >> - return sigstore;
> >> - } else if (ret != EFI_BUFFER_TOO_SMALL) {
> >> - EFI_PRINT("Getting variable, %ls, failed\n", name);
> >> - return NULL;
> >> - }
> >> -
> >> - db = malloc(db_size);
> >> + db = efi_get_var(name, vendor, &db_size);
> >> if (!db) {
> >> - EFI_PRINT("Out of memory\n");
> >> - return NULL;
> >> - }
> >> -
> >> - ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
> >> - if (ret != EFI_SUCCESS) {
> >> - EFI_PRINT("Getting variable, %ls, failed\n", name);
> >> - free(db);
> >> - return NULL;
> >> + EFI_PRINT("variable, %ls, not found\n", name);
> >> + return calloc(sizeof(struct efi_signature_store), 1);
Why? From the patch alone it's not clear why you want to allocate
memory here instead of returning NULL.
> >> }
> >>
> >> return efi_build_signature_store(db, db_size);
> >> --
> >> 2.30.2
> >>
Cheers
/Ilias
