lib/security: hard_lockdown flag to stop runtime disable of signed boot

[petitboot] / lib / security / openssl.c

diff --git a/lib/security/openssl.c b/lib/security/openssl.c
index 03ea3326484fe1e1b1ab96de072163086d7379f7..6454f8a8668c14b2db7f5f3961a792ea9f4b5685 100644 (file)
--- a/lib/security/openssl.c
+++ b/lib/security/openssl.c
@@ -456,8 +456,10 @@ int lockdown_status(void)
        int ret = PB_LOCKDOWN_SIGN;
        PKCS12 *p12 = NULL;
 
+#if !defined(HARD_LOCKDOWN)
        if (access(LOCKDOWN_FILE, F_OK) == -1)
                return PB_LOCKDOWN_NONE;
+#endif
 
        /* determine lockdown type */
 
@@ -471,6 +473,6 @@ int lockdown_status(void)
                fclose(authorized_signatures_handle);
        }
 
-    return ret;
+       return ret;
 }