On 9/12/21 21:23, Ilias Apalodimas wrote:
Hi Heinrich
[...]
- if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) {
- vendor = &efi_global_variable_guid;
- } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
- vendor = &efi_guid_image_security_database;
- } else {
+ vendor = efi_auth_var_get_guid(name);
+ if (!vendor) {
EFI_PRINT("unknown signature database, %ls\n", name);
return NULL;
}
efi_auth_var_get_guid() will return &efi_global_variable_guid if the
GUID for the variable name isn't found.
Hello Ilias, that is on purpose. In nevedit_efi we need a default GUID.
I want to reuse the same function there in future.
Best regards
Then I guess the check can go away ?
Yes
Heinrich
- /* retrieve variable data */
- db_size = 0;
- ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
- if (ret == EFI_NOT_FOUND) {
- EFI_PRINT("variable, %ls, not found\n", name);
- sigstore = calloc(sizeof(*sigstore), 1);
- return sigstore;
- } else if (ret != EFI_BUFFER_TOO_SMALL) {
- EFI_PRINT("Getting variable, %ls, failed\n", name);
- return NULL;
- }
-
- db = malloc(db_size);
+ db = efi_get_var(name, vendor, &db_size);
if (!db) {
- EFI_PRINT("Out of memory\n");
- return NULL;
- }
-
- ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
- if (ret != EFI_SUCCESS) {
- EFI_PRINT("Getting variable, %ls, failed\n", name);
- free(db);
- return NULL;
+ EFI_PRINT("variable, %ls, not found\n", name);
+ return calloc(sizeof(struct efi_signature_store), 1);
Why? From the patch alone it's not clear why you want to allocate
memory here instead of returning NULL.
This is existing code. See the same lines deleted above.
Best regards
Heinrich
}
return efi_build_signature_store(db, db_size);
--
2.30.2
Cheers
/Ilias
