And the grub used the protocol to very the signature, but stopped in the second call.
in grub loader/i386/efi/linux.c
if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
return 1;
grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n");
status = shim_lock->verify(data, size);
if (status == GRUB_EFI_SUCCESS)
{
grub_dprintf ("linuxefi", "Kernel signature verification passed\n");
return 1;
}
It seems, interface. Verify = shim_verify;
The shim installs the UEFI protocol in shim.c
EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
{
...
shim_lock_
... wrapper( BS->InstallProt ocolInterface, 4, &handle, lock_guid, EFI_NATIVE_ INTERFACE, lock_interface) ;
uefi_call_
&shim_
&shim_
}
And the grub used the protocol to very the signature, but stopped in the second call. i386/efi/ linux.c >verify( data, size) == GRUB_EFI_SUCCESS) >verify( data, size);
in grub loader/
if (shim_lock-
return 1;
grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n");
status = shim_lock-
if (status == GRUB_EFI_SUCCESS)
{
grub_dprintf ("linuxefi", "Kernel signature verification passed\n");
return 1;
}
grub_dprintf ("linuxefi", "Kernel signature verification failed (0x%lx)\n",
(unsigned long) status);
return 0;