efi_loader: improve error handling in try_load_entry()

The image is not unloaded if a security violation occurs. If efi_set_load_options() fails, we do not free the memory allocated for the optional data. We do not unload the image. * Unload the image if a security violation occurs. * Free load_options if efi_set_load_options() fails. * Unload the image if efi_set_load_options() fails. Fixes: 53f6a5aa86 ("efi_loader: Replace config option for initrd loading") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2024-04-22 10:41:00 +02:00
parent 84aab11d35
commit 566f067349
4 changed files with 72 additions and 73 deletions
--- a/test/py/tests/test_efi_secboot/test_signed_intca.py
+++ b/test/py/tests/test_efi_secboot/test_signed_intca.py
@@ -43,7 +43,7 @@ class TestEfiSignedImageIntca(object):
                'efidebug boot order 1',
                'efidebug test bootmgr'])
            assert '\'HELLO_a\' failed' in ''.join(output)
-            assert 'efi_start_image() returned: 26' in ''.join(output)
+            assert 'efi_bootmgr_load() returned: 26' in ''.join(output)

        with u_boot_console.log.section('Test Case 1b'):
            # Test Case 1b, signed and authenticated by root CA
@@ -74,7 +74,7 @@ class TestEfiSignedImageIntca(object):
                'efidebug boot order 1',
                'efidebug test bootmgr'])
            assert '\'HELLO_abc\' failed' in ''.join(output)
-            assert 'efi_start_image() returned: 26' in ''.join(output)
+            assert 'efi_bootmgr_load() returned: 26' in ''.join(output)

        with u_boot_console.log.section('Test Case 2b'):
            # Test Case 2b, signed and authenticated by root CA
@@ -84,7 +84,7 @@ class TestEfiSignedImageIntca(object):
                'efidebug boot order 1',
                'efidebug test bootmgr'])
            assert '\'HELLO_abc\' failed' in ''.join(output)
-            assert 'efi_start_image() returned: 26' in ''.join(output)
+            assert 'efi_bootmgr_load() returned: 26' in ''.join(output)

        with u_boot_console.log.section('Test Case 2c'):
            # Test Case 2c, signed and authenticated by root CA
@@ -122,7 +122,7 @@ class TestEfiSignedImageIntca(object):
            assert 'Hello, world!' in ''.join(output)
            # Or,
            # assert '\'HELLO_abc\' failed' in ''.join(output)
-            # assert 'efi_start_image() returned: 26' in ''.join(output)
+            # assert 'efi_bootmgr_load() returned: 26' in ''.join(output)

        with u_boot_console.log.section('Test Case 3b'):
            # Test Case 3b, revoked by root CA in dbx
@@ -132,4 +132,4 @@ class TestEfiSignedImageIntca(object):
                'efidebug boot order 1',
                'efidebug test bootmgr'])
            assert '\'HELLO_abc\' failed' in ''.join(output)
-            assert 'efi_start_image() returned: 26' in ''.join(output)
+            assert 'efi_bootmgr_load() returned: 26' in ''.join(output)