discover/boot: abort kexec on any error from validation
author Brett Grandbois <brett.grandbois@opengear.com>
Wed, 16 May 2018 03:23:49 +0000 (13:23 +1000)
committer Samuel Mendoza-Jonas <sam@mendozajonas.com>
Wed, 23 May 2018 01:09:38 +0000 (11:09 +1000)
gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/boot.c

index 0da40e3d8f4b11d6f13b20c2147ef5a3dfd521a3..09e42f2c1b3fb0df7bd266a9b56c55f96f0fb4b2 100644 (file)
@@ -76,13 +76,13 @@ static int kexec_load(struct boot_task *boot_task)
                if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
                        pb_log("%s: Aborting kexec due to"
                                " decryption failure\n", __func__);
-                       goto abort_kexec;
                }
                if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
                        pb_log("%s: Aborting kexec due to signature"
                                " verification failure\n", __func__);
-                       goto abort_kexec;
                }
+
+               goto abort_kexec;
        }
 
        const char* local_initrd = (boot_task->local_initrd_override) ?
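
Review bot: the new unconditional `goto abort_kexec;` at the end of the block aborts without any log line at this site when result is neither KEXEC_LOAD_DECRYPTION_FALURE nor KEXEC_LOAD_SIGNATURE_FAILURE, which are exactly the cases the commit message is about (unable to open LOCKDOWN_FILE, failed secure copy). Only the two specific branches call pb_log, so an operator reading the log cannot tell from here why the boot was refused. Consider chaining the two checks as if / else if and adding a final else that logs __func__ and the numeric result before falling through to the goto. Separately, the constant in the context lines is spelled KEXEC_LOAD_DECRYPTION_FALURE; a follow-up rename to FAILURE would keep it consistent with KEXEC_LOAD_SIGNATURE_FAILURE.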