- // In Secure Boot mode, try to use shim/MOK-style loading first, and if
- // that fails, try the standard EFI system call (LoadImage()). This is
- // done for efficiency, to prevent loading a binary twice, which can
- // take several seconds to load a Linux kernel with EFI stub support on
- // some systems. Linux kernels are likely to be shim/MOK signed, so
- // this is quickest for them; and delays for most other boot loaders
- // will be unnoticeably short. To prevent delays or failures in case
- // of buggy shim/MOK code on non-SB systems, skip that attempt and
- // call LoadImage() directly when not in SB mode.
- if (SecureMode) {
- FindVolumeAndFilename(DevicePaths[DevicePathIndex], &DeviceVolume, &loader);
- if (DeviceVolume != NULL) {
- Status = ReadFile(DeviceVolume->RootDir, loader, &File, &ImageSize);
- ImageData = File.Buffer;
- } else {
- Status = EFI_NOT_FOUND;
- Print(L"Error: device volume not found!\n");
- } // if/else
- if (Status != EFI_NOT_FOUND) {
- ReturnStatus = Status = start_image(SelfImageHandle, loader, ImageData, ImageSize, FullLoadOptions,
- DeviceVolume, DevicePaths[DevicePathIndex]);
- }
- if (ReturnStatus == EFI_SUCCESS) {
- UseMok = TRUE;
- } // if
- // If shim/MOK load fails, try regular EFI load, in case it's an unsupported
- // binary type....
- if (!UseMok) {
- ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex],
- NULL, 0, &ChildImageHandle);
- } // if (!UseMok)
- } else { // Secure Boot inactive; only do standard call....
- ReturnStatus = Status = refit_call6_wrapper(BS->LoadImage, FALSE, SelfImageHandle, DevicePaths[DevicePathIndex],
- NULL, 0, &ChildImageHandle);
- } // if/else (SecureMode)