Blob Blame History Raw
From 755fa5ccf0834abdb7e50a1cb06fad618f6c9af6 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 9 May 2016 14:15:17 -0400
Subject: [PATCH 169/250] Add some grub_dprintf() in the secure boot verify
 code.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 grub-core/loader/efi/linux.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 2a7024134da..7fe7201a388 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -43,12 +43,22 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
   shim_lock = grub_efi_locate_protocol(&guid, NULL);
   grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);
   if (!shim_lock)
-    return 0;
+    {
+      grub_dprintf ("secureboot", "shim not available\n");
+      return 0;
+    }
 
-  status = shim_lock->verify(data, size);
+  grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n");
+  status = shim_lock->verify (data, size);
   grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status);
   if (status == GRUB_EFI_SUCCESS)
-    return 1;
+    {
+      grub_dprintf ("secureboot", "Kernel signature verification passed\n");
+      return 1;
+    }
+
+  grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n",
+		(unsigned long) status);
 
   return -1;
 }
-- 
2.14.3