]> git.ozlabs.org Git - petitboot/blobdiff - ui/ncurses/nc-cui.c
projects / petitboot / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
lib/security: hard_lockdown flag to stop runtime disable of signed boot
[petitboot] / ui / ncurses / nc-cui.c
diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index ee6df87b0c7d0a00f305a6460235d3b7215d93b3..8a3f97dc9b593f58bd14d40989b6d389eacf2365 100644 (file)
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -61,10 +61,14 @@ static void cui_cancel_autoboot_on_exit(struct cui *cui);
 
 static bool lockdown_active(void)
 {
+#if defined(SIGNED_BOOT) && defined(HARD_LOCKDOWN)
+       return true;
+#else
        bool lockdown = false;
        if (access(LOCKDOWN_FILE, F_OK) != -1)
                lockdown = true;
        return lockdown;
+#endif
 }
 
 static void cui_start(void)
@@ -964,8 +968,8 @@ fallback:
         * If this option was faked above move the context under
         * the item so it is cleaned up later in cui_plugins_remove().
         */
-       if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
-                               cod->dev->type == DEVICE_TYPE_UNKNOWN)) {
+       if (strcmp(cod->opt->id, "dummy") == 0 &&
+                       cod->dev->type == DEVICE_TYPE_UNKNOWN) {
                talloc_steal(item, cod->dev);
                talloc_steal(item, cod->opt);
        }
@@ -1574,7 +1578,8 @@ static void cui_cancel_autoboot_on_exit(struct cui *cui)
 
 int cui_run(struct cui *cui)
 {
-       assert(main);
+       assert(cui);
+       assert(cui->main);
 
        cui->current = &cui->main->scr;
        cui->default_item = 0;
kexec-based bootloader