git.baikalelectronics.ru Git - kernel.git/commit

author	John S. Gruber <JohnSGruber@gmail.com>
	Sun, 1 Sep 2019 22:00:54 +0000 (00:00 +0200)
committer	Borislav Petkov <bp@suse.de>
	Mon, 2 Sep 2019 07:17:45 +0000 (09:17 +0200)
commit	754a2aa7111199295c18c139c05a886fbb4b99ef
tree	18ffd1d8aef407d25d7fb6c4d4294645bf76a924	tree \| snapshot
parent	e9d7e7cdc7e936200103c94e1532745d3e4062ef	commit \| diff

x86/boot: Preserve boot_params.secure_boot from sanitizing

Commit

b30b6ebc5ec4 ("x86/boot: Save fields explicitly, zero out everything else")

now zeroes the secure boot setting information (enabled/disabled/...)
passed by the boot loader or by the kernel's EFI handover mechanism.

The problem manifests itself with signed kernels using the EFI handoff
protocol with grub and the kernel loses the information whether secure
boot is enabled in the firmware, i.e., the log message "Secure boot
enabled" becomes "Secure boot could not be determined".

efi_main() arch/x86/boot/compressed/eboot.c sets this field early but it
is subsequently zeroed by the above referenced commit.

Include boot_params.secure_boot in the preserve field list.

[ bp: restructure commit message and massage. ]

Fixes: b30b6ebc5ec4 ("x86/boot: Save fields explicitly, zero out everything else")
Signed-off-by: John S. Gruber <JohnSGruber@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: stable <stable@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/CAPotdmSPExAuQcy9iAHqX3js_fc4mMLQOTr5RBGvizyCOPcTQQ@mail.gmail.com