Provide better error message when MokManager is not found
If MokManager has to be entered but the system is booting on disk on the
EFI/BOOT/BOOTx.EFI entry, MokManager cannot be found because it's not in
that directory.
This indicates an issue with the BootOrder, or the UEFI firmware is just
not taking BootOrder into account (seen on Lenovo ThinkPad P1 Gen 6 and
VMware).
This patch prints a related message and reboots after 10 seconds.

Reproducer:
1. Import a certificate using mokutil
2. Tell UEFI to boot on BOOTX64.EFI entry on next boot

Result without the patch with verbosity:
-----------------------------------------------------------------------
mok.c:1045:import_mok_state() checking mok request
shim.c:866:load_image() attempting to load \EFI\BOOT\mmx64.efi
Failed to open \EFI\BOOT\mmx64.efi - Not Found
Failed to load image 貘給: Not Found
shim.c:888 load_image() Failed to open \EFI\BOOT\mmx64.efi - Not Found
shim.c:1115 read_image() Failed to load image 貘給: Not Found
Failed to start MokManager: Not Found
mok.c:1047:import_mok_state() mok returned Not Found
Something has gone seriously wrong: import_mok_state() failed: Not Found
-----------------------------------------------------------------------

Signed-off-by: Renaud Métrich <[email protected]>
rmetrich committed Jun 4, 2024
1 parent 0287c6b commit fc0f1d4
Showing 3 changed files with 22 additions and 1 deletion.
20 changes: 20 additions & 0 deletions mok.c
Expand Up @@ -50,6 +50,26 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
efi_status = start_image(image_handle, MOK_MANAGER);

if (EFI_ERROR(efi_status)) {
EFI_STATUS efi_status_2;
EFI_LOADED_IMAGE *li;
efi_status_2 = BS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID,
(void **)&li);
if (EFI_ERROR(efi_status_2))
perror (L"Failed to get image: %r\n", efi_status_2);
else if (is_removable_media_path(li) &&
efi_status == EFI_NOT_FOUND) {
CHAR16 *title = L"Could not find MokManager";
CHAR16 *message = L"Boot Order must be misconfigured " \
"or not honored by the UEFI firmware.";
/*
* This occurs when system is booting on
* hard disk's EFI/BOOT/BOOTxxx.EFI entry
* while it should have booted on
* EFI/<os>/shimxxx.efi entry
*/
console_countdown(title, message, 10);
RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
}
perror(L"Failed to start MokManager: %r\n", efi_status);
return efi_status;
}
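Review bot: The warm reset right after `console_countdown(title, message, 10);` is unconditional, and the commit message says this path is reached when the firmware does not honor BootOrder, so the next boot can land on the same EFI/BOOT entry with the MOK request still pending and repeat the countdown and reset. Consider returning `efi_status` after showing the message, or offering a key press to continue, or state in the comment why the reset is expected to reach the EFI/<os>/shimxxx.efi entry. Minor style points in the same block: `perror (L"Failed to get image: %r\n", efi_status_2);` has a space before the parenthesis unlike the `perror(` call below it, and the `\` continuation between the two halves of `message` is not needed outside a macro.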
2 changes: 1 addition & 1 deletion shim.c
Expand Up @@ -780,7 +780,7 @@ verify_buffer (char *data, int datasize,
return verify_buffer_sbat(data, datasize, context);
}

static int
int
is_removable_media_path(EFI_LOADED_IMAGE *li)
{
unsigned int pathlen = 0;
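Review bot: Dropping `static` from `is_removable_media_path(EFI_LOADED_IMAGE *li)` makes it part of the cross-file interface, but the definition has no comment saying what a nonzero return means or whether `li` may be NULL. Since mok.c now branches on the result, add a short comment above the definition describing the return value and the expectations on `li`.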
1 change: 1 addition & 0 deletions shim.h
Expand Up @@ -236,6 +236,7 @@ typedef struct _SHIM_LOCK {
} SHIM_LOCK;

extern EFI_STATUS shim_init(void);
extern int is_removable_media_path(EFI_LOADED_IMAGE *li);
extern void shim_fini(void);
extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func,
const CHAR16 *fmt, ...);
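Review bot: The new `extern int is_removable_media_path(EFI_LOADED_IMAGE *li);` is inserted between `shim_init` and `shim_fini`, which splits the init/fini pair. Move the declaration after `shim_fini` so the pair stays adjacent and the helper is easier to find.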