From 1a6ed0af99e6817b5239780fadbbc49d6977e43f Mon Sep 17 00:00:00 2001
From: Alex Zenla
Date: Sun, 2 Nov 2025 00:27:45 -0400
Subject: [PATCH] fix(shim): avoid masking the underlying error when shim verify fails
---
 src/integrations/shim.rs | 4 ++--
 src/integrations/shim/hook.rs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/integrations/shim.rs b/src/integrations/shim.rs
index 201e4b5..134ccf8 100644
--- a/src/integrations/shim.rs
+++ b/src/integrations/shim.rs
@@ -111,7 +111,7 @@ impl<'a> ShimInput<'a> {
 /// to actually boot.
 pub enum ShimVerificationOutput {
 /// The verification failed.
- VerificationFailed,
+ VerificationFailed(Status),
 /// The data provided to the verifier was already a buffer.
 VerifiedDataNotLoaded,
 /// Verifying the data resulted in loading the data from the source.
@@ -206,7 +206,7 @@ impl ShimSupport {
 // If the verification failed, return the verification failure output.
 if !status.is_success() {
- return Ok(ShimVerificationOutput::VerificationFailed);
+ return Ok(ShimVerificationOutput::VerificationFailed(status));
 }
 // If verification succeeded, return the validation output,
diff --git a/src/integrations/shim/hook.rs b/src/integrations/shim/hook.rs
index f28eaa6..0652e7a 100644
--- a/src/integrations/shim/hook.rs
+++ b/src/integrations/shim/hook.rs
@@ -58,7 +58,7 @@ impl SecurityHook {
 match ShimSupport::verify(input) {
 Ok(output) => match output {
 // If the verification failed, return the access-denied status.
- ShimVerificationOutput::VerificationFailed => Status::ACCESS_DENIED,
+ ShimVerificationOutput::VerificationFailed(status) => status,
 // If the verification succeeded, return the success status.
 ShimVerificationOutput::VerifiedDataNotLoaded => Status::SUCCESS,
 ShimVerificationOutput::VerifiedDataBuffer(_) => Status::SUCCESS,
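Review bot: The doc comment on `VerificationFailed(Status)` still reads only `/// The verification failed.` and does not say what the payload is or that it is never a success value. Suggest `/// The verification failed; carries the non-success status returned by the shim verifier.` so that code matching on the variant knows it may receive any non-success status, not only access-denied. The same invariant is established at the construction site in the second shim.rs hunk (`if !status.is_success()`), whose comment could state it as well. The enum body continues outside the hunk.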
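Review bot: The new arm `ShimVerificationOutput::VerificationFailed(status) => status` forwards whatever non-success value the verifier produced, and the guard in shim.rs is `!status.is_success()`, so a warning-class status would now reach the hook's caller where the old code always gave `Status::ACCESS_DENIED`. A caller that only tests the error bit would treat such a value as a pass, so the hook would fail open for it; whether the shim verifier can actually return a warning is not visible in this patch. Keeping deny as the default for anything that is not an error closes the gap: `ShimVerificationOutput::VerificationFailed(status) if status.is_error() => status,` followed by `ShimVerificationOutput::VerificationFailed(_) => Status::ACCESS_DENIED,`. The context comment above the arm still says it returns the access-denied status and should be reworded to match, for example `// If the verification failed, return the verifier's error status (access-denied if it is not an error).` The match and its enclosing function continue outside the hunk.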