Commit 59a1d6d3ea1e replaced the Verify status check with !EFI_ERROR(...), this changed the behaviour to consider any warnings (EFI_WARN_) to be considered a successful verification.
This commit reverts that behaviour change. Signed-off-by: Gerald Elder-Vass <[email protected]> --- CC: Marek Marczykowski-Górecki <[email protected]> CC: "Daniel P. Smith" <[email protected]> CC: Jan Beulich <[email protected]> CC: Andrew Cooper <[email protected]> CC: Anthony PERARD <[email protected]> CC: Michal Orzel <[email protected]> CC: Julien Grall <[email protected]> CC: "Roger Pau Monné" <[email protected]> CC: Stefano Stabellini <[email protected]> --- xen/common/efi/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index ca162db0d8d3..36e1e2cf9d4a 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1090,7 +1090,7 @@ static void __init efi_verify_kernel(EFI_HANDLE ImageHandle) if ( !verified && !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL, (void **)&shim_lock)) && - !EFI_ERROR(shim_lock->Verify(kernel.ptr, kernel.size)) ) + shim_lock->Verify(kernel.ptr, kernel.size) == EFI_SUCCESS ) verified = true; if ( !verified ) -- 2.47.3
