From a22fa882021c453d888ac0b565a67ff9a21ff016 Mon Sep 17 00:00:00 2001 From: Dan Duval Date: Mon, 14 Dec 2015 14:29:13 -0500 Subject: [PATCH] x86/efi: back-out bug fix 22353360 which causes efi regression Revert "conditionalize Secure Boot initialization on x86 platform" Revert "x86/efi: Set securelevel when loaded without efi stub" Orabug: 22363222 This reverts commit 289ef170a213f9b078886327a162cbcb7a325838. This reverts commit a954f7350658a8fde4b893c7b74de8137864ad12. We're reverting the two commits for now, but will continue to investigate a correct fix to the original problem. Signed-off-by: Dan Duval --- arch/x86/kernel/setup.c | 8 +++++++ arch/x86/platform/efi/efi.c | 47 ------------------------------------- include/linux/efi.h | 1 - init/main.c | 2 -- 4 files changed, 8 insertions(+), 50 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 7cea402a45d3..97838c712a96 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1157,6 +1157,14 @@ void __init setup_arch(char **cmdline_p) io_delay_init(); +#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL + if (boot_params.secure_boot) { + set_bit(EFI_SECURE_BOOT, &efi.flags); + set_securelevel(1); + pr_info("Secure boot enabled\n"); + } +#endif + /* * Parse the ACPI tables for possible boot-time SMP configuration. */ diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index fc8c2054f3ab..02744df576d5 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -44,7 +44,6 @@ #include #include #include -#include #include #include @@ -79,41 +78,6 @@ static int __init setup_add_efi_memmap(char *arg) } early_param("add_efi_memmap", setup_add_efi_memmap); -static int __init efi_secure_boot_enabled(void) -{ - efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; - static efi_char16_t sb_var[] = { - 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 }; - static efi_char16_t sm_var[] = { - 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 }; - u8 sb, setup; - unsigned long datasize = sizeof(sb); - efi_status_t status; - - if (boot_params.secure_boot) - return 1; - - status = efi.get_variable((efi_char16_t*)sb_var, - &var_guid, NULL, &datasize, &sb); - - if (status != EFI_SUCCESS) - return 0; - - if (sb == 0) - return 0; - - status = efi.get_variable((efi_char16_t*)sm_var, - &var_guid, NULL, &datasize, &setup); - - if (status != EFI_SUCCESS) - return 0; - - if (setup == 1) - return 0; - - return 1; -} - static efi_status_t __init phys_efi_set_virtual_address_map( unsigned long memory_map_size, unsigned long descriptor_size, @@ -472,17 +436,6 @@ static int __init efi_memmap_init(void) return 0; } -void __init efi_secure_boot_init(void) -{ - if (!efi_secure_boot_enabled()) - return; - - boot_params.secure_boot = 1; -#ifdef CONFIG_EFI_SECURE_BOOT_SECURELEVEL - set_securelevel(1); -#endif -} - void __init efi_init(void) { efi_char16_t *c16; diff --git a/include/linux/efi.h b/include/linux/efi.h index 10df94c7b35c..03eed462480c 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -890,7 +890,6 @@ extern void efi_enter_virtual_mode (void); /* switch EFI to virtual mode, if pos extern void efi_late_init(void); extern void efi_free_boot_services(void); extern efi_status_t efi_query_variable_store(u32 attributes, unsigned long size); -extern void efi_secure_boot_init(void); #else static inline void efi_late_init(void) {} static inline void efi_free_boot_services(void) {} diff --git a/init/main.c b/init/main.c index a796b4fb3e30..2115055faeac 100644 --- a/init/main.c +++ b/init/main.c @@ -638,8 +638,6 @@ asmlinkage __visible void __init start_kernel(void) #ifdef CONFIG_X86 if (efi_enabled(EFI_RUNTIME_SERVICES)) efi_enter_virtual_mode(); - if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi_secure_boot_init(); #endif #ifdef CONFIG_X86_ESPFIX64 /* Should be run before the first non-init thread is created */ -- 2.50.1