[PATCH 9/9] loader/linux: Report the UEFI Secure Boot status to the Linux kernel

Thu, 03 Dec 2020 07:07:24 -0800 

From: Daniel Kiper <daniel.ki...@oracle.com>

Now that the GRUB has a grub_efi_get_secureboot() function to check the
UEFI Secure Boot status, use it to report that to the Linux kernel.

Signed-off-by: Ignat Korchagin <ig...@cloudflare.com>
Signed-off-by: Daniel Kiper <daniel.ki...@oracle.com>
Signed-off-by: Marco A Benatto <mbena...@redhat.com>
Signed-off-by: Javier Martinez Canillas <javi...@redhat.com>
---

 grub-core/loader/i386/linux.c | 6 +++++-
 include/grub/i386/linux.h     | 8 ++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 976af3fae87..d7e68658f43 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -46,6 +46,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 
 #ifdef GRUB_MACHINE_EFI
 #include <grub/efi/efi.h>
+#include <grub/efi/sb.h>
 #define HAS_VGA_TEXT 0
 #define DEFAULT_VIDEO_MODE "auto"
 #define ACCEPTS_PURE_TEXT 0
@@ -583,6 +584,9 @@ grub_linux_boot (void)
     grub_efi_uintn_t efi_desc_size;
     grub_size_t efi_mmap_target;
     grub_efi_uint32_t efi_desc_version;
+
+    ctx.params->secure_boot = grub_efi_get_secureboot ();
+
     err = grub_efi_finish_boot_services (&efi_mmap_size, efi_mmap_buf, NULL,
                                         &efi_desc_size, &efi_desc_version);
     if (err)
@@ -794,7 +798,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
 
   linux_params.code32_start = prot_mode_target + lh.code32_start - 
GRUB_LINUX_BZIMAGE_ADDR;
   linux_params.kernel_alignment = (1 << align);
-  linux_params.ps_mouse = linux_params.padding10 = 0;
+  linux_params.ps_mouse = linux_params.padding11 = 0;
   linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
 
   /* These two are used (instead of cmd_line_ptr) by older versions of Linux,
diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h
index 6da5f030fd1..eddf9251d9a 100644
--- a/include/grub/i386/linux.h
+++ b/include/grub/i386/linux.h
@@ -277,7 +277,11 @@ struct linux_kernel_params
 
   grub_uint8_t mmap_size;              /* 1e8 */
 
-  grub_uint8_t padding9[0x1f1 - 0x1e9];
+  grub_uint8_t padding9[0x1ec - 0x1e9];
+
+  grub_uint8_t secure_boot;             /* 1ec */
+
+  grub_uint8_t padding10[0x1f1 - 0x1ed];
 
   /* Linux setup header copy - BEGIN. */
   grub_uint8_t setup_sects;            /* The size of the setup in sectors */
@@ -288,7 +292,7 @@ struct linux_kernel_params
   grub_uint16_t vid_mode;              /* Video mode control */
   grub_uint16_t root_dev;              /* Default root device number */
 
-  grub_uint8_t padding10;              /* 1fe */
+  grub_uint8_t padding11;              /* 1fe */
   grub_uint8_t ps_mouse;               /* 1ff */
 
   grub_uint16_t jump;                  /* Jump instruction */
-- 
2.28.0


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to