@@ -14,9 +14,15 @@
#include <asm/secure_boot.h>
#include <asm/secvar.h>
#include "keyring_handler.h"
+#include "../integrity.h"
/*
* Get a certificate list blob from the named secure variable.
+ *
+ * Returns:
+ * - a pointer to a kmalloc'd buffer containing the cert list on success
+ * - NULL if the key does not exist
+ * - an ERR_PTR on error
*/
static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size)
{
@@ -25,19 +31,19 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size)
rc = secvar_ops->get(key, keylen, NULL, size);
if (rc) {
- pr_err("Couldn't get size: %d\n", rc);
- return NULL;
+ if (rc == -ENOENT)
+ return NULL;
+ return ERR_PTR(rc);
}
db = kmalloc(*size, GFP_KERNEL);
if (!db)
- return NULL;
+ return ERR_PTR(-ENOMEM);
rc = secvar_ops->get(key, keylen, db, size);
if (rc) {
kfree(db);
- pr_err("Error reading %s var: %d\n", key, rc);
- return NULL;
+ return ERR_PTR(rc);
}
return db;
@@ -69,7 +75,11 @@ static int __init load_powerpc_certs(void)
*/
db = get_cert_list("db", 3, &dbsize);
if (!db) {
- pr_err("Couldn't get db list from firmware\n");
+ pr_info("Couldn't get db list from firmware\n");
+ } else if (IS_ERR(db)) {
+ rc = PTR_ERR(db);
+ pr_err("Error reading db from firmware: %d\n", rc);
+ return rc;
} else {
rc = parse_efi_signature_list("powerpc:db", db, dbsize,
get_handler_for_db);
@@ -81,6 +91,10 @@ static int __init load_powerpc_certs(void)
dbx = get_cert_list("dbx", 4, &dbxsize);
if (!dbx) {
pr_info("Couldn't get dbx list from firmware\n");
+ } else if (IS_ERR(dbx)) {
+ rc = PTR_ERR(dbx);
+ pr_err("Error reading dbx from firmware: %d\n", rc);
+ return rc;
} else {
rc = parse_efi_signature_list("powerpc:dbx", dbx, dbxsize,
get_handler_for_dbx);