33 lines
993 B
Diff
33 lines
993 B
Diff
From 71db1b222ecdf6cb4356f6f1e2bd45cd2f0e85e1 Mon Sep 17 00:00:00 2001
|
|
From: Laura Abbott <labbott@redhat.com>
|
|
Date: Tue, 18 Oct 2016 13:58:44 -0700
|
|
Subject: [PATCH] MODSIGN: Don't try secure boot if EFI runtime is disabled
|
|
|
|
Secure boot depends on having EFI runtime variable access. The code
|
|
does not handle a lack of runtime variables gracefully. Add a check
|
|
to just bail out of EFI runtime is disabled.
|
|
|
|
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
|
---
|
|
kernel/modsign_uefi.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
|
|
index a41da14..2bdaf76 100644
|
|
--- a/kernel/modsign_uefi.c
|
|
+++ b/kernel/modsign_uefi.c
|
|
@@ -71,6 +71,10 @@ static int __init load_uefi_certs(void)
|
|
if (!efi_enabled(EFI_SECURE_BOOT))
|
|
return 0;
|
|
|
|
+ /* Things blow up if efi runtime is disabled */
|
|
+ if (efi_runtime_disabled())
|
|
+ return 0;
|
|
+
|
|
keyring = get_system_keyring();
|
|
if (!keyring) {
|
|
pr_err("MODSIGN: Couldn't get system keyring\n");
|
|
--
|
|
2.7.4
|
|
|