author | Jan Janssen <medhefgo@web.de> | 2022-08-03 11:05:12 +0200 |
---|---|---|
committer | Jan Janssen <medhefgo@web.de> | 2022-08-03 11:05:12 +0200 |
commit | f234a56db597c04b7c923469962a54637c381bb9 (patch) | |
tree | 86aee1e0a7ee375a5cd297e77052111dbd85c3e8 | |
parent | This patch adds support for enrolling secure boot boot keys from sd-boot. (diff) | |
download | systemd-f234a56db597c04b7c923469962a54637c381bb9.tar.xz systemd-f234a56db597c04b7c923469962a54637c381bb9.zip |
boot: Follow-up fixes for #20255
-rw-r--r-- | man/loader.conf.xml | 4 | ||||
-rw-r--r-- | src/boot/efi/boot.c | 4 | ||||
-rw-r--r-- | src/boot/efi/secure-boot.c | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/man/loader.conf.xml b/man/loader.conf.xml
index acddb193d1..7aa1ed7254 100644
--- a/man/loader.conf.xml
+++ b/man/loader.conf.xml
@@ -248,9 +248,9 @@
 and <filename>PK.esl</filename>. Note that these files need to be authenticated UEFI variables. See below for an example of how to generate them from regular X.509 keys.</para>
- <programlisting>uuid=$(systemd-id128 new --)
+ <programlisting>uuid=$(systemd-id128 new --uuid)
 for key in PK KEK db; do
- openssl req -new -x509 -subj "/CN=${key}/ -keyout "${key}.key" -out "${key}.crt"
+ openssl req -new -x509 -subj "/CN=${key}/" -keyout "${key}.key" -out "${key}.crt"
 openssl x509 -outform DER -in "${key}.crt" -out "${key}.cer"
 cert-to-efi-sig-list -g "${uuid}" "${key}.crt" "${key}.tmp"
 done
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index db0bbab0f2..87771c477d 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -2690,8 +2690,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
 /* if auto enrollment is activated, we try to load keys for the given entry. */
 if (entry->type == LOADER_SECURE_BOOT_KEYS && config.secure_boot_enroll != ENROLL_OFF) {
 err = secure_boot_enroll_at(root_dir, entry->path);
- if (err == EFI_SUCCESS)
- return EFI_SUCCESS;
+ if (err != EFI_SUCCESS)
+ return err;
 continue;
 }
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 1da1026df5..aabe521eba 100644
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -43,7 +43,7 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
 clear_screen(COLOR_NORMAL);
- Print(L"Enrolling secure boot keys from directory: \\loader\\keys\\%s\n"
+ Print(L"Enrolling secure boot keys from directory: %s\n"
 L"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n",
 path); |
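Review bot: In the src/boot/efi/boot.c hunk, any non-success status from `secure_boot_enroll_at()` now leaves `efi_main` through `return err;`, and nothing at this call site reports the failure or states which statuses are expected to end the loader. The existing comment only describes the trigger, so I would document the contract next to the check, e.g. `/* A failed enrollment is fatal and exits the loader; EFI_SUCCESS goes back to the menu loop. */`, and confirm that a user abort inside `secure_boot_enroll_at()` is reported as `EFI_SUCCESS` so that it reaches `continue` instead of exiting. The comment also says "auto enrollment" while the condition is `config.secure_boot_enroll != ENROLL_OFF`, which presumably matches every non-off mode; the wording could follow the check. Both `efi_main` and `secure_boot_enroll_at` continue outside the visible hunks, so whether the callee logs its own errors cannot be confirmed from here.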