/*
* Get a certificate list blob from the named EFI variable.
*/
-static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
- unsigned long *size)
+static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ unsigned long *size , void **cert_list)
{
efi_status_t status;
unsigned long lsize = 4;
void *db;
status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
+ if (status == EFI_NOT_FOUND) {
+ *size = 0;
+ *cert_list = NULL;
+ return 0;
+ }
+
if (status != EFI_BUFFER_TOO_SMALL) {
pr_err("Couldn't get size: 0x%lx\n", status);
- return NULL;
+ return efi_status_to_err(status);
}
db = kmalloc(lsize, GFP_KERNEL);
if (!db)
- return NULL;
+ return -ENOMEM;
status = efi.get_variable(name, guid, NULL, &lsize, db);
if (status != EFI_SUCCESS) {
kfree(db);
pr_err("Error reading db var: 0x%lx\n", status);
- return NULL;
+ return efi_status_to_err(status);
}
*size = lsize;
- return db;
+ *cert_list = db;
+ return 0;
}
/*
* an error if we can't get them.
*/
if (!uefi_check_ignore_db()) {
- db = get_cert_list(L"db", &secure_var, &dbsize);
- if (!db) {
+ rc = get_cert_list(L"db", &secure_var, &dbsize, &db);
+ if (rc < 0) {
pr_err("MODSIGN: Couldn't get UEFI db list\n");
- } else {
+ } else if (dbsize != 0) {
rc = parse_efi_signature_list("UEFI:db",
db, dbsize, get_handler_for_db);
if (rc)
}
}
- mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
- if (!mok) {
+ rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok);
+ if (rc < 0) {
pr_info("Couldn't get UEFI MokListRT\n");
- } else {
+ } else if (moksize != 0) {
rc = parse_efi_signature_list("UEFI:MokListRT",
mok, moksize, get_handler_for_db);
if (rc)
kfree(mok);
}
- dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
- if (!dbx) {
+ rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx);
+ if (rc < 0) {
pr_info("Couldn't get UEFI dbx list\n");
- } else {
+ } else if (dbxsize != 0) {
rc = parse_efi_signature_list("UEFI:dbx",
dbx, dbxsize,
get_handler_for_dbx);