Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-30 Thread David Howells
Mark Rutland wrote: > > + boot_params->secure_boot = (efi_get_secureboot(sys_table) == 1); > > In the arm stub's efi_entry(), we fail-safe, and assume secure boot for any > non-zero status (including errors). e.g. Okay, given what Matthew said: A conforming implementation that suppo

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-29 Thread Matthew Garrett
On Wed, Nov 23, 2016 at 6:55 AM, David Howells wrote: > Mark Rutland wrote: >> > Actually, the two arches have a different interpretation on how to deal >> > with an error. Matthew Garrett's original x86 patch assumes that if we >> > get an error when trying to read SecureBoot and SetupMode that

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread Mark Rutland
On Wed, Nov 23, 2016 at 02:13:28PM +, David Howells wrote: > Mark Rutland wrote: > > > > > if (secure_boot < 0) > > > > pr_efi_err(sys_table, > > > > "could not determine UEFI Secure Boot > > > > status.\n"); > > > > > > In which case, should

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread David Howells
Mark Rutland wrote: > On Wed, Nov 23, 2016 at 02:13:28PM +, David Howells wrote: > > Mark Rutland wrote: > > > > > > > if (secure_boot < 0) > > > > > pr_efi_err(sys_table, > > > > > "could not determine UEFI Secure Boot > > > > > status.\n"); > > >

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread David Howells
Mark Rutland wrote: > > > if (secure_boot < 0) > > > pr_efi_err(sys_table, > > > "could not determine UEFI Secure Boot status.\n"); > > > > In which case, should this be moved into efi_get_secureboot() and it return > > a > > bool? > > That would make sense to me,

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread Mark Rutland
On Wed, Nov 23, 2016 at 11:25:57AM +, David Howells wrote: > Mark Rutland wrote: > > > int secure_boot = efi_get_secureboot(sys_table); > > > > if (secure_boot > 0) > > pr_efi(sys_table, "UEFI Secure Boot is enabled.\n"); > > if (secure_boot < 0) > > pr_ef

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread David Howells
Mark Rutland wrote: > int secure_boot = efi_get_secureboot(sys_table); > > if (secure_boot > 0) > pr_efi(sys_table, "UEFI Secure Boot is enabled.\n"); > if (secure_boot < 0) > pr_efi_err(sys_table, > "could not determine UEFI Se

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread Mark Rutland
On Wed, Nov 23, 2016 at 12:22:57AM +, David Howells wrote: > @@ -1158,6 +1158,8 @@ struct boot_params *efi_main(struct efi_config *c, > else > setup_boot_services32(efi_early); > > + boot_params->secure_boot = (efi_get_secureboot(sys_table) == 1); In the arm stub's ef
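Review bot: The "== 1" comparison on the added line in efi_main() stores false in boot_params->secure_boot for every return value of efi_get_secureboot(sys_table) other than 1, so a failure to read the status is recorded exactly like secure boot being disabled. Elsewhere in this thread the same function's result is tested with "secure_boot < 0" to report "could not determine UEFI Secure Boot status", so the error case is reachable. Consider keeping the int result and handling the negative case explicitly before assigning, or add a comment on this line saying that treating an undetermined status as "not enabled" is the intended x86 behaviour.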

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread Lukas Wunner
On Wed, Nov 23, 2016 at 09:53:00AM +, David Howells wrote: > Lukas Wunner wrote: > > It just occurred to me that the boot_params struct is populated in > > make_boot_params(), perhaps it makes sense to move this line there. > > Otherwise LGTM. > > Ummm... Looking at arch/x86/boot/compressed/

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread David Howells
Lukas Wunner wrote: > It just occurred to me that the boot_params struct is populated in > make_boot_params(), perhaps it makes sense to move this line there. > Otherwise LGTM. Ummm... Looking at arch/x86/boot/compressed/head_64.S, make_boot_params() is only called if the stub is entered throug

Re: [PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-23 Thread Lukas Wunner
On Wed, Nov 23, 2016 at 12:22:57AM +, David Howells wrote: > Get the firmware's secure-boot status in the kernel boot wrapper and stash > it somewhere that the main kernel image can find. > > The efi_get_secureboot() function is extracted from the arm stub and (a) > generalised so that it can

[PATCH 4/6] efi: Get the secure boot status [ver #2]

2016-11-22 Thread David Howells
Get the firmware's secure-boot status in the kernel boot wrapper and stash it somewhere that the main kernel image can find. The efi_get_secureboot() function is extracted from the arm stub and (a) generalised so that it can be called from x86 and (b) made to use efi_call_runtime() so that it can