Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
This commit is contained in:
Hans de Goede
parent
014d92c363
commit
c0fc8283f2
|
|
@ -0,0 +1,58 @@
|
|||
From 5f5251591ad0e9ae2e446eca48e27ac251c0d14b Mon Sep 17 00:00:00 2001
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
Date: Wed, 12 Sep 2018 20:32:05 +0200
|
||||
Subject: [PATCH] efi/x86: Call efi_parse_options() from efi_main()
|
||||
|
||||
Before this commit we were only calling efi_parse_options() from
|
||||
make_boot_params(), but make_boot_params() only gets called if the
|
||||
kernel gets booted directly as an EFI executable. So when booted through
|
||||
e.g. grub we ended up not parsing the commandline in the boot code.
|
||||
|
||||
This makes the drivers/firmware/efi/libstub code ignore the "quiet"
|
||||
commandline argument resulting in the following message being printed:
|
||||
"EFI stub: UEFI Secure Boot is enabled."
|
||||
|
||||
Despite the quiet request. This commits adds an extra call to
|
||||
efi_parse_options() to efi_main() to make sure that the options are
|
||||
always processed. This fixes quiet not working.
|
||||
|
||||
This also fixes the libstub code ignoring nokaslr and efi=nochunk.
|
||||
|
||||
Reported-by: Peter Robinson <pbrobinson@redhat.com>
|
||||
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
---
|
||||
arch/x86/boot/compressed/eboot.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||
index e98522e..8aa6f96 100644
|
||||
--- a/arch/x86/boot/compressed/eboot.c
|
||||
+++ b/arch/x86/boot/compressed/eboot.c
|
||||
@@ -918,6 +918,7 @@ struct boot_params *efi_main(struct efi_config *c,
|
||||
struct desc_struct *desc;
|
||||
void *handle;
|
||||
efi_system_table_t *_table;
|
||||
+ unsigned long cmdline_paddr;
|
||||
bool is64;
|
||||
|
||||
efi_early = c;
|
||||
@@ -937,6 +938,15 @@ struct boot_params *efi_main(struct efi_config *c,
|
||||
else
|
||||
setup_boot_services32(efi_early);
|
||||
|
||||
+ /*
|
||||
+ * make_boot_params() may have been called before efi_main(), in which
|
||||
+ * case this is the second time we parse the cmdline. This is ok,
|
||||
+ * parsing the cmdline multiple times does not have side-effects.
|
||||
+ */
|
||||
+ cmdline_paddr = ((u64)hdr->cmd_line_ptr |
|
||||
+ ((u64)boot_params->ext_cmd_line_ptr << 32));
|
||||
+ efi_parse_options((char *)cmdline_paddr);
|
||||
+
|
||||
/*
|
||||
* If the boot loader gave us a value for secure_boot then we use that,
|
||||
* otherwise we ask the BIOS.
|
||||
--
|
||||
2.19.0.rc1
|
||||
|
||||
|
|
@ -561,6 +561,10 @@ Patch211: drm-i915-hush-check-crtc-state.patch
|
|||
Patch212: efi-secureboot.patch
|
||||
Patch213: lockdown-fix-coordination-of-kernel-module-signature-verification.patch
|
||||
|
||||
# Fix printing of "EFI stub: UEFI Secure Boot is enabled.",
|
||||
# queued upstream in efi.git/next
|
||||
Patch214: efi-x86-call-parse-options-from-efi-main.patch
|
||||
|
||||
# 300 - ARM patches
|
||||
Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
|
||||
|
||||
|
|
@ -1912,6 +1916,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Sep 13 2018 Hans de Goede <hdegoede@redhat.com>
|
||||
- Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
|
||||
|
||||
* Mon Sep 10 2018 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Add 96boards rk3399 Ficus and Rock960 support
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue