[PATCH 07/13] go: only use it if boot signature is not required
Jean-Christophe PLAGNIOL-VILLARD
plagnioj at jcrosoft.com
Sat Mar 25 19:44:58 PDT 2017
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
---
commands/go.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/commands/go.c b/commands/go.c
index fb319b320..e0385a977 100644
--- a/commands/go.c
+++ b/commands/go.c
@@ -26,6 +26,7 @@
#include <fcntl.h>
#include <linux/ctype.h>
#include <errno.h>
+#include <boot_verify.h>
static int do_go(int argc, char *argv[])
{
@@ -37,6 +38,9 @@ static int do_go(int argc, char *argv[])
if (argc < 2)
return COMMAND_ERROR_USAGE;
+ if (boot_get_verify_mode() < BOOT_VERIFY_AVAILABLE)
+ return -ESECVIOLATION;
+
if (!isdigit(*argv[1])) {
fd = open(argv[1], O_RDONLY);
if (fd < 0) {
--
2.11.0
More information about the barebox
mailing list