www.infradead.org Git - users/dwmw2/linux.git/commit

author	John S. Gruber <JohnSGruber@gmail.com>
	Sun, 1 Sep 2019 22:00:54 +0000 (00:00 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 10 Sep 2019 09:35:26 +0000 (10:35 +0100)
commit	317a66e24b4608564c70eaa941a815b5ceadbcba
tree	3d1888845aa4f91c77ce49c269070717b4592507	tree
parent	1a7fd193e9d85d2a6b11f16e19bbaf28f75ff11b	commit \| diff

x86/boot: Preserve boot_params.secure_boot from sanitizing

commit 29d9a0b50736768f042752070e5cdf4e4d4c00df upstream.

Commit

a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else")

now zeroes the secure boot setting information (enabled/disabled/...)
passed by the boot loader or by the kernel's EFI handover mechanism.

The problem manifests itself with signed kernels using the EFI handoff
protocol with grub and the kernel loses the information whether secure
boot is enabled in the firmware, i.e., the log message "Secure boot
enabled" becomes "Secure boot could not be determined".

efi_main() arch/x86/boot/compressed/eboot.c sets this field early but it
is subsequently zeroed by the above referenced commit.

Include boot_params.secure_boot in the preserve field list.

[ bp: restructure commit message and massage. ]

Fixes: a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else")
Signed-off-by: John S. Gruber <JohnSGruber@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: stable <stable@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/CAPotdmSPExAuQcy9iAHqX3js_fc4mMLQOTr5RBGvizyCOPcTQQ@mail.gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>