www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Dan Duval <dan.duval@oracle.com>
	Fri, 11 Dec 2015 20:20:20 +0000 (15:20 -0500)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Wed, 16 Mar 2016 15:18:26 +0000 (08:18 -0700)
commit	7744d564001adfc0eedb4ace1f2d7a23d383d700
tree	db78bb5b8d636baa4136c89178b4404c079f85e2	tree
parent	a22fa882021c453d888ac0b565a67ff9a21ff016	commit \| diff

x86/efi: Set securelevel when loaded without efi stub

Orabug: 22364965

With UEFI Secure Boot enabled and securelevel set, after a kernel is loaded
using kexec and booted, securelevel is disabled. With the securelevel patch
set, the state of UEFI Secure Boot is queried when booted via the efi stub, but
kexec does not use the efi stub.

To allow kernels which are not loaded through the efi stub to properly set
securelevel as well, add a new init routine to start_kernel() to query the
state of UEFI Secure Boot and enable securelevel if needed.

Taken from https://bugzilla.redhat.com/attachment.cgi?id=1052836 .

Signed-off-by: Linn Crosetto <linn@hp.com>
Signed-off-by: Dan Duval <dan.duval@oracle.com>
(cherry picked from commit a954f7350658a8fde4b893c7b74de8137864ad12)
Signed-off-by: Dan Duval <dan.duval@oracle.com>

arch/x86/kernel/setup.c		diff \| blob \| history
arch/x86/platform/efi/efi.c		diff \| blob \| history
include/linux/efi.h		diff \| blob \| history
init/main.c		diff \| blob \| history