x86/efi: back-out bug fix 22353360 which causes efi regression

Revert "conditionalize Secure Boot initialization on x86 platform"
Revert "x86/efi: Set securelevel when loaded without efi stub"

Orabug: 22363222

This reverts commit 289ef170a213f9b078886327a162cbcb7a325838.
This reverts commit a954f7350658a8fde4b893c7b74de8137864ad12.

We're reverting the two commits for now, but will continue to
investigate a correct fix to the original problem.

Signed-off-by: Dan Duval <dan.duval@oracle.com>

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 7cea402a45d332fa50fc5b7544c3e4ae4d395e97..97838c712a96a319e73c29b46e3929afd07873e0 100644 (file)
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1157,6 +1157,14 @@ void __init setup_arch(char **cmdline_p)
 
        io_delay_init();
 
+#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL
+       if (boot_params.secure_boot) {
+               set_bit(EFI_SECURE_BOOT, &efi.flags);
+               set_securelevel(1);
+               pr_info("Secure boot enabled\n");
+       }
+#endif
+
        /*
         * Parse the ACPI tables for possible boot-time SMP configuration.
         */

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index fc8c2054f3ab36b91cc5040236e637dfdcbf3ed1..02744df576d52588a35308998ecc1a138435012e 100644 (file)
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -44,7 +44,6 @@
 #include <linux/io.h>
 #include <linux/reboot.h>
 #include <linux/bcd.h>
-#include <linux/security.h>
 
 #include <asm/setup.h>
 #include <asm/efi.h>
@@ -79,41 +78,6 @@ static int __init setup_add_efi_memmap(char *arg)
 }
 early_param("add_efi_memmap", setup_add_efi_memmap);
 
-static int __init efi_secure_boot_enabled(void)
-{
-       efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
-       static efi_char16_t sb_var[] = {
-               'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 };
-       static efi_char16_t sm_var[] = {
-               'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 };
-       u8 sb, setup;
-       unsigned long datasize = sizeof(sb);
-       efi_status_t status;
-
-       if (boot_params.secure_boot)
-               return 1;
-
-       status = efi.get_variable((efi_char16_t*)sb_var,
-                               &var_guid, NULL, &datasize, &sb);
-
-       if (status != EFI_SUCCESS)
-               return 0;
-
-       if (sb == 0)
-               return 0;
-
-       status = efi.get_variable((efi_char16_t*)sm_var,
-                               &var_guid, NULL, &datasize, &setup);
-
-       if (status != EFI_SUCCESS)
-               return 0;
-
-       if (setup == 1)
-               return 0;
-
-       return 1;
-}
-
 static efi_status_t __init phys_efi_set_virtual_address_map(
        unsigned long memory_map_size,
        unsigned long descriptor_size,
@@ -472,17 +436,6 @@ static int __init efi_memmap_init(void)
        return 0;
 }
 
-void __init efi_secure_boot_init(void)
-{
-       if (!efi_secure_boot_enabled())
-               return;
-
-       boot_params.secure_boot = 1;
-#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL
-       set_securelevel(1);
-#endif
-}
-
 void __init efi_init(void)
 {
        efi_char16_t *c16;

diff --git a/include/linux/efi.h b/include/linux/efi.h
index 10df94c7b35c4feb84d9e0f5a5990c1f2a678917..03eed462480c127402f08b31d130c1bf85cae6e7 100644 (file)
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -890,7 +890,6 @@ extern void efi_enter_virtual_mode (void);  /* switch EFI to virtual mode, if pos
 extern void efi_late_init(void);
 extern void efi_free_boot_services(void);
 extern efi_status_t efi_query_variable_store(u32 attributes, unsigned long size);
-extern void efi_secure_boot_init(void);
 #else
 static inline void efi_late_init(void) {}
 static inline void efi_free_boot_services(void) {}

diff --git a/init/main.c b/init/main.c
index a796b4fb3e3057945b176c5873422f0eda8127d0..2115055faeac948bd164c9e8d574795f557f02a5 100644 (file)
--- a/init/main.c
+++ b/init/main.c
@@ -638,8 +638,6 @@ asmlinkage __visible void __init start_kernel(void)
 #ifdef CONFIG_X86
        if (efi_enabled(EFI_RUNTIME_SERVICES))
                efi_enter_virtual_mode();
-       if (efi_enabled(EFI_RUNTIME_SERVICES))
-               efi_secure_boot_init();
 #endif
 #ifdef CONFIG_X86_ESPFIX64
        /* Should be run before the first non-init thread is created */