On Wed, 2018-05-16 at 11:18 +0100, Ferruh Yigit wrote: > When EFI secure boot is enabled, it is possible to lock down kernel > and > prevent accessing device BARs and this makes igb_uio unusable. > > Lock down patches are not part of the vanilla kernel but they are > applied and used by some distros already [1]. > > It is not possible to fix this issue, but intention of this patch is > to > detect and log if kernel lock down enabled and don't insert the > module > for that case. > > The challenge is since this feature enabled by distros, they have > different config options and APIs for it. This patch is done based on > Fedora and Ubuntu kernel source, may needs to add more distro > specific > support. > > [1] > kernel.ubuntu.com/git/ubuntu/ubuntu- > artful.git/commit/?id=99f9ef18d5b6 > And a few more patches to > > Signed-off-by: Ferruh Yigit <ferruh.yi...@intel.com> > --- > Cc: Christian Ehrhardt <christian.ehrha...@canonical.com> > Cc: Luca Boccassi <bl...@debian.org> > Cc: Maxime Coquelin <maxime.coque...@redhat.com> > Cc: Neil Horman <nhor...@tuxdriver.com> > Cc: Stephen Hemminger <step...@networkplumber.org> > > v2: > * remove distro comments from checks > Note: > Since kernel_is_locked_down() is macro in one case, it can be used > for > comparison: > #ifdef kernel_is_locked_down > kernel_is_locked_down(NULL) > #else > kernel_is_locked_down() > > This will force all non macro defined cases to else and this may be > broken in the feature if macro changed. > > To be more protective for changes, since this patch is not upstreamed > to > kernel yet, will keep config check although it is ugly. > ---
Acked-by: Luca Boccassi <bl...@debian.org> -- Kind regards, Luca Boccassi
