[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 9/9] loader/linux: Report the UEFI Secure Boot status to the Linu
From: |
Javier Martinez Canillas |
Subject: |
[PATCH 9/9] loader/linux: Report the UEFI Secure Boot status to the Linux kernel |
Date: |
Thu, 3 Dec 2020 16:01:50 +0100 |
From: Daniel Kiper <daniel.kiper@oracle.com>
Now that the GRUB has a grub_efi_get_secureboot() function to check the
UEFI Secure Boot status, use it to report that to the Linux kernel.
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/loader/i386/linux.c | 6 +++++-
include/grub/i386/linux.h | 8 ++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 976af3fae87..d7e68658f43 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -46,6 +46,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#ifdef GRUB_MACHINE_EFI
#include <grub/efi/efi.h>
+#include <grub/efi/sb.h>
#define HAS_VGA_TEXT 0
#define DEFAULT_VIDEO_MODE "auto"
#define ACCEPTS_PURE_TEXT 0
@@ -583,6 +584,9 @@ grub_linux_boot (void)
grub_efi_uintn_t efi_desc_size;
grub_size_t efi_mmap_target;
grub_efi_uint32_t efi_desc_version;
+
+ ctx.params->secure_boot = grub_efi_get_secureboot ();
+
err = grub_efi_finish_boot_services (&efi_mmap_size, efi_mmap_buf, NULL,
&efi_desc_size, &efi_desc_version);
if (err)
@@ -794,7 +798,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
linux_params.code32_start = prot_mode_target + lh.code32_start -
GRUB_LINUX_BZIMAGE_ADDR;
linux_params.kernel_alignment = (1 << align);
- linux_params.ps_mouse = linux_params.padding10 = 0;
+ linux_params.ps_mouse = linux_params.padding11 = 0;
linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
/* These two are used (instead of cmd_line_ptr) by older versions of Linux,
diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h
index 6da5f030fd1..eddf9251d9a 100644
--- a/include/grub/i386/linux.h
+++ b/include/grub/i386/linux.h
@@ -277,7 +277,11 @@ struct linux_kernel_params
grub_uint8_t mmap_size; /* 1e8 */
- grub_uint8_t padding9[0x1f1 - 0x1e9];
+ grub_uint8_t padding9[0x1ec - 0x1e9];
+
+ grub_uint8_t secure_boot; /* 1ec */
+
+ grub_uint8_t padding10[0x1f1 - 0x1ed];
/* Linux setup header copy - BEGIN. */
grub_uint8_t setup_sects; /* The size of the setup in sectors */
@@ -288,7 +292,7 @@ struct linux_kernel_params
grub_uint16_t vid_mode; /* Video mode control */
grub_uint16_t root_dev; /* Default root device number */
- grub_uint8_t padding10; /* 1fe */
+ grub_uint8_t padding11; /* 1fe */
grub_uint8_t ps_mouse; /* 1ff */
grub_uint16_t jump; /* Jump instruction */
--
2.28.0
- [PATCH 0/9] Add UEFI Secure Boot detection and report the status to Linux, Javier Martinez Canillas, 2020/12/03
- [PATCH 1/9] i386: Don't include <grub/cpu/linux.h> in coreboot and ieee1275 startup.S, Javier Martinez Canillas, 2020/12/03
- [PATCH 2/9] include/grub/i386/linux.h: Include missing <grub/types.h> header, Javier Martinez Canillas, 2020/12/03
- [PATCH 3/9] arm/term: Fix linking error due multiple ps2_state definitions, Javier Martinez Canillas, 2020/12/03
- [PATCH 4/9] efi: Make shim_lock GUID and protocol type public, Javier Martinez Canillas, 2020/12/03
- [PATCH 5/9] efi: Return grub_efi_status_t from grub_efi_get_variable(), Javier Martinez Canillas, 2020/12/03
- [PATCH 6/9] efi: Add a function to read EFI variables with attributes, Javier Martinez Canillas, 2020/12/03
- [PATCH 9/9] loader/linux: Report the UEFI Secure Boot status to the Linux kernel,
Javier Martinez Canillas <=
- [PATCH 7/9] efi: Add secure boot detection, Javier Martinez Canillas, 2020/12/03
- [PATCH 8/9] efi: Only register shim_lock verifier if shim_lock protocol is found and SB enabled, Javier Martinez Canillas, 2020/12/03
Re: [PATCH 0/9] Add UEFI Secure Boot detection and report the status to Linux, Daniel Kiper, 2020/12/04