Re: [PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list

From: James Bottomley
Date: Tue Mar 13 2018 - 13:17:57 EST

Next message: James Bottomley: "Re: [PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module"
Previous message: Pierre-Yves MORDRET: "[PATCH v1 0/2] Append some fixes and improvements"
In reply to: Lee, Chun-Yi: "[PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list"
Next in thread: joeyli: "Re: [PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2018-03-13 at 18:35 +0800, Lee, Chun-Yi wrote:
> When getting certificates list from UEFI variable, the original error
> message shows the state number from UEFI firmware. It's hard to be
> read by human. This patch changed the error message to show the
> appropriate string.
>
> The message will be showed as:
>
> [ÂÂÂÂ0.788529] MODSIGN: Couldn't get UEFI MokListRT: EFI_NOT_FOUND
> [ÂÂÂÂ0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND

I keep saying this, but these error messages need to be gated on the
presence of shim for the non-shim secure boot case. ÂYou can't assume
the shim variables are there because they won't be in the case of a
fully owned system.

James

Next message: James Bottomley: "Re: [PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module"
Previous message: Pierre-Yves MORDRET: "[PATCH v1 0/2] Append some fixes and improvements"
In reply to: Lee, Chun-Yi: "[PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list"
Next in thread: joeyli: "Re: [PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]