Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
This commit is contained in:
Hans de Goede
parent
fba9b4ec2b
commit
8eb140ceae
58
efi-x86-call-parse-options-from-efi-main.patch
Normal file
58
efi-x86-call-parse-options-from-efi-main.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From ecb77f61f10b36476133e31cdc001892b5463b90 Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Wed, 12 Sep 2018 20:32:05 +0200
|
||||
Subject: efi/x86: Call efi_parse_options() from efi_main()
|
||||
|
||||
Before this commit we were only calling efi_parse_options() from
|
||||
make_boot_params(), but make_boot_params() only gets called if the
|
||||
kernel gets booted directly as an EFI executable. So when booted through
|
||||
e.g. grub we ended up not parsing the commandline in the boot code.
|
||||
|
||||
This makes the drivers/firmware/efi/libstub code ignore the "quiet"
|
||||
commandline argument resulting in the following message being printed:
|
||||
"EFI stub: UEFI Secure Boot is enabled."
|
||||
|
||||
Despite the quiet request. This commits adds an extra call to
|
||||
efi_parse_options() to efi_main() to make sure that the options are
|
||||
always processed. This fixes quiet not working.
|
||||
|
||||
This also fixes the libstub code ignoring nokaslr and efi=nochunk.
|
||||
|
||||
Reported-by: Peter Robinson <pbrobinson@redhat.com>
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
---
|
||||
arch/x86/boot/compressed/eboot.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index 1458b1700fc7..8b4c5e001157 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -738,6 +738,7 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
|
||||
struct desc_struct *desc;
|
||||
void *handle;
|
||||
efi_system_table_t *_table;
|
||||
+ unsigned long cmdline_paddr;
|
||||
|
||||
efi_early = c;
|
||||
|
||||
@@ -755,6 +756,15 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
|
||||
else
|
||||
setup_boot_services32(efi_early);
|
||||
|
||||
+ /*
|
||||
+ * make_boot_params() may have been called before efi_main(), in which
|
||||
+ * case this is the second time we parse the cmdline. This is ok,
|
||||
+ * parsing the cmdline multiple times does not have side-effects.
|
||||
+ */
|
||||
+ cmdline_paddr = ((u64)hdr->cmd_line_ptr |
|
||||
+ ((u64)boot_params->ext_cmd_line_ptr << 32));
|
||||
+ efi_parse_options((char *)cmdline_paddr);
|
||||
+
|
||||
/*
|
||||
* If the boot loader gave us a value for secure_boot then we use that,
|
||||
* otherwise we ask the BIOS.
|
||||
--
|
||||
cgit 1.2-0.3.lf.el7
|
||||
|
||||
@ -560,6 +560,10 @@ Patch211: drm-i915-hush-check-crtc-state.patch
|
||||
|
||||
Patch212: efi-secureboot.patch
|
||||
|
||||
# Fix printing of "EFI stub: UEFI Secure Boot is enabled.",
|
||||
# queued upstream in efi.git/next
|
||||
Patch213: efi-x86-call-parse-options-from-efi-main.patch
|
||||
|
||||
# 300 - ARM patches
|
||||
Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
|
||||
|
||||
@ -1863,6 +1867,9 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Sep 13 2018 Hans de Goede <hdegoede@redhat.com>
|
||||
- Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
|
||||
|
||||
* Wed Sep 12 2018 Jeremy Cline <jcline@redhat.com> - 4.19.0-0.rc3.git1.1
|
||||
- Linux v4.19-rc3-21-g5e335542de83
|
||||
- Re-enable debugging options.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user