gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
pb_log("%s: Aborting kexec due to"
" decryption failure\n", __func__);
- goto abort_kexec;
}
if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
pb_log("%s: Aborting kexec due to signature"
" verification failure\n", __func__);
- goto abort_kexec;
}
+
+ goto abort_kexec;
}
const char* local_initrd = (boot_task->local_initrd_override) ?