Unhook system services as we exit.

If we never find a valid thing to boot, we need to undo the weird things
we've done.

Signed-off-by: Peter Jones <pjones@redhat.com>

diff --git a/replacements.c b/replacements.c
index b05b22026b7e29b19f87007abf3f0806dde178a5..bac5e5d7f04643164958704c5479270432d3276e 100644 (file)
--- a/replacements.c
+++ b/replacements.c
@@ -66,7 +66,7 @@ static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services;
 
 extern UINT8 insecure_mode;
 
-static void
+void
 unhook_system_services(void)
 {
        if (insecure_mode)

diff --git a/replacements.h b/replacements.h
index 806c03860bcea875dc0213047cf1e4a9109b5c99..5b57bc25d1b684915b49aae49176d426ab4152bd 100644 (file)
--- a/replacements.h
+++ b/replacements.h
@@ -39,5 +39,6 @@ extern verification_method_t verification_method;
 extern int loader_is_participating;
 
 extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab);
+extern void unhook_system_services(void);
 
 #endif /* SHIM_REPLACEMENTS_H */

diff --git a/shim.c b/shim.c
index 502a91ddca695d1e5d4cd347f4d716262be36093..c8759a583b4b3158f446cbb3f1eca86512b0cb57 100644 (file)
--- a/shim.c
+++ b/shim.c
@@ -1767,18 +1767,24 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 
        efi_status = init_grub(image_handle);
 
+#if defined(OVERRIDE_SECURITY_POLICY)
+       /*
+        * Clean up the security protocol hook
+        */
+       security_policy_uninstall();
+#endif
+
        /*
         * If we're back here then clean everything up before exiting
         */
        uefi_call_wrapper(BS->UninstallProtocolInterface, 3, handle,
                          &shim_lock_guid, &shim_lock_interface);
 
-#if defined(OVERRIDE_SECURITY_POLICY)
+
        /*
-        * Clean up the security protocol hook
+        * Remove our hooks from system services.
         */
-       security_policy_uninstall();
-#endif
+       unhook_system_services();
 
        /*
         * Free the space allocated for the alternative 2nd stage loader