Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix handling of ignore_db and user_insecure_mode
In 65be350, import_mok_state() is split up into a function that manages the whole mok state, and one that handles the state machine for an individual state variable. Unfortunately, the code that initializes the global ignore_db and user_insecure_mode was copied from import_mok_state() into the new import_one_mok_state() function, and thus re-initializes that state each time it processes a MoK state variable, before even assessing if that variable is set. As a result, we never honor either flag, and the machine owner cannot disable trusting the system firmware's db/dbx databases or disable validation altogether. This patch removes the extra re-initialization, allowing those variables to be set properly. Signed-off-by: Adam Williamson <awilliam@redhat.com>
- Loading branch information