If insert_new_keys() fails, say due to a full variable store, we currently
still exit(0). This can make it difficult to know something is wrong.
For example, Debian and Ubuntu implement a secureboot-db systemd service
to update the DB and DBX, which calls:
ExecStart=/usr/bin/sbkeysync --no-default-keystores --keystore /usr/share/secureboot/updates --verbose
But although this seemed to succeed on my system, looking at the logs shows
a different story:
Inserting key update /usr/share/secureboot/updates/dbx/dbxupdate_x64.bin into dbx
Error writing key update: Invalid argument
Error syncing keystore file /usr/share/secureboot/updates/dbx/dbxupdate_x64.bin
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
f12484869c