From: Jan Janssen
Date: Wed, 3 Aug 2022 09:05:12 +0000 (+0200)
Subject: boot: Follow-up fixes for #20255
X-Git-Tag: v252-rc1~514^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f234a56db597c04b7c923469962a54637c381bb9;p=thirdparty%2Fsystemd.git
boot: Follow-up fixes for #20255
---
diff --git a/man/loader.conf.xml b/man/loader.conf.xml
index acddb193d1a..7aa1ed72543 100644
--- a/man/loader.conf.xml
+++ b/man/loader.conf.xml
@@ -248,9 +248,9 @@
 and PK.esl. Note that these files need to be authenticated UEFI variables. See below for an example of how to generate them from regular X.509 keys.
- uuid=$(systemd-id128 new --)
+ uuid=$(systemd-id128 new --uuid)
 for key in PK KEK db; do
- openssl req -new -x509 -subj "/CN=${key}/ -keyout "${key}.key" -out "${key}.crt"
+ openssl req -new -x509 -subj "/CN=${key}/" -keyout "${key}.key" -out "${key}.crt"
 openssl x509 -outform DER -in "${key}.crt" -out "${key}.cer"
 cert-to-efi-sig-list -g "${uuid}" "${key}.crt" "${key}.tmp"
 done
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index db0bbab0f2b..87771c477dd 100644
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -2690,8 +2690,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
 /* if auto enrollment is activated, we try to load keys for the given entry. */
 if (entry->type == LOADER_SECURE_BOOT_KEYS && config.secure_boot_enroll != ENROLL_OFF) {
 err = secure_boot_enroll_at(root_dir, entry->path);
- if (err == EFI_SUCCESS)
- return EFI_SUCCESS;
+ if (err != EFI_SUCCESS)
+ return err;
 continue;
 }
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 1da1026df5d..aabe521eba4 100644
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
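Review bot: In the src/boot/efi/boot.c hunk, the new `if (err != EFI_SUCCESS) return err;` makes every enrollment failure fatal to efi_main, and nothing in the hunk says why the loader exits instead of returning to the entry loop. If the intent is to avoid booting an entry while the Secure Boot variables may be only partly written, state that in a comment above the check, e.g. `/* Enrollment failed or was aborted: do not go on to boot with a possibly half-written key set. */`. It is also worth confirming that secure_boot_enroll_at reports the failing step itself, because this path returns err without printing it. Both efi_main and secure_boot_enroll_at extend beyond the hunk, so this cannot be checked from here.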
@@ -43,7 +43,7 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
 clear_screen(COLOR_NORMAL);
- Print(L"Enrolling secure boot keys from directory: \\loader\\keys\\%s\n"
+ Print(L"Enrolling secure boot keys from directory: %s\n"
 L"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n",
 path);