Check the vendor blacklist correctly

author Gary Ching-Pang Lin <glin@suse.com>

Tue, 30 Oct 2012 02:32:35 +0000 (10:32 +0800)

committer Peter Jones <pjones@redhat.com>

Tue, 30 Oct 2012 14:35:36 +0000 (10:35 -0400)
author Gary Ching-Pang Lin <glin@suse.com>
Tue, 30 Oct 2012 02:32:35 +0000 (10:32 +0800)
committer Peter Jones <pjones@redhat.com>
Tue, 30 Oct 2012 14:35:36 +0000 (10:35 -0400)
diff --git a/shim.c b/shim.c

index 0cd89b43031c9b7a5f68b4041c4331d17b519824..81e42314196989b5ce7c42fb86899027049427e3 100644 (file)
--- a/shim.c
+++ b/shim.c
@@ -341,14 +341,14 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
  
         if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha256hash,
                                  SHA256_DIGEST_SIZE, EfiHashSha256Guid) ==
-                               DATA_NOT_FOUND)
+                               DATA_FOUND)
                 return EFI_ACCESS_DENIED;
         if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha1hash,
                                  SHA1_DIGEST_SIZE, EfiHashSha1Guid) ==
-                               DATA_NOT_FOUND)
+                               DATA_FOUND)
                 return EFI_ACCESS_DENIED;
         if (check_db_cert_in_ram(vendor_dbx, vendor_dbx_size, cert,
-                                sha256hash) == DATA_NOT_FOUND)
+                                sha256hash) == DATA_FOUND)
                 return EFI_ACCESS_DENIED;
  
         if (check_db_hash(L"dbx", secure_var, sha256hash, SHA256_DIGEST_SIZE,
author	Gary Ching-Pang Lin <glin@suse.com>
	Tue, 30 Oct 2012 02:32:35 +0000 (10:32 +0800)
committer	Peter Jones <pjones@redhat.com>
	Tue, 30 Oct 2012 14:35:36 +0000 (10:35 -0400)