Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
This commit is contained in:
parent
fba9b4ec2b
commit
8eb140ceae
58
efi-x86-call-parse-options-from-efi-main.patch
Normal file
58
efi-x86-call-parse-options-from-efi-main.patch
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
From ecb77f61f10b36476133e31cdc001892b5463b90 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hans de Goede <hdegoede@redhat.com>
|
||||||
|
Date: Wed, 12 Sep 2018 20:32:05 +0200
|
||||||
|
Subject: efi/x86: Call efi_parse_options() from efi_main()
|
||||||
|
|
||||||
|
Before this commit we were only calling efi_parse_options() from
|
||||||
|
make_boot_params(), but make_boot_params() only gets called if the
|
||||||
|
kernel gets booted directly as an EFI executable. So when booted through
|
||||||
|
e.g. grub we ended up not parsing the commandline in the boot code.
|
||||||
|
|
||||||
|
This makes the drivers/firmware/efi/libstub code ignore the "quiet"
|
||||||
|
commandline argument resulting in the following message being printed:
|
||||||
|
"EFI stub: UEFI Secure Boot is enabled."
|
||||||
|
|
||||||
|
Despite the quiet request. This commits adds an extra call to
|
||||||
|
efi_parse_options() to efi_main() to make sure that the options are
|
||||||
|
always processed. This fixes quiet not working.
|
||||||
|
|
||||||
|
This also fixes the libstub code ignoring nokaslr and efi=nochunk.
|
||||||
|
|
||||||
|
Reported-by: Peter Robinson <pbrobinson@redhat.com>
|
||||||
|
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
||||||
|
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||||
|
---
|
||||||
|
arch/x86/boot/compressed/eboot.c | 10 ++++++++++
|
||||||
|
1 file changed, 10 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||||
|
index 1458b1700fc7..8b4c5e001157 100644
|
||||||
|
--- a/arch/x86/boot/compressed/eboot.c
|
||||||
|
+++ b/arch/x86/boot/compressed/eboot.c
|
||||||
|
@@ -738,6 +738,7 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
|
||||||
|
struct desc_struct *desc;
|
||||||
|
void *handle;
|
||||||
|
efi_system_table_t *_table;
|
||||||
|
+ unsigned long cmdline_paddr;
|
||||||
|
|
||||||
|
efi_early = c;
|
||||||
|
|
||||||
|
@@ -755,6 +756,15 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
|
||||||
|
else
|
||||||
|
setup_boot_services32(efi_early);
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * make_boot_params() may have been called before efi_main(), in which
|
||||||
|
+ * case this is the second time we parse the cmdline. This is ok,
|
||||||
|
+ * parsing the cmdline multiple times does not have side-effects.
|
||||||
|
+ */
|
||||||
|
+ cmdline_paddr = ((u64)hdr->cmd_line_ptr |
|
||||||
|
+ ((u64)boot_params->ext_cmd_line_ptr << 32));
|
||||||
|
+ efi_parse_options((char *)cmdline_paddr);
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* If the boot loader gave us a value for secure_boot then we use that,
|
||||||
|
* otherwise we ask the BIOS.
|
||||||
|
--
|
||||||
|
cgit 1.2-0.3.lf.el7
|
||||||
|
|
@ -560,6 +560,10 @@ Patch211: drm-i915-hush-check-crtc-state.patch
|
|||||||
|
|
||||||
Patch212: efi-secureboot.patch
|
Patch212: efi-secureboot.patch
|
||||||
|
|
||||||
|
# Fix printing of "EFI stub: UEFI Secure Boot is enabled.",
|
||||||
|
# queued upstream in efi.git/next
|
||||||
|
Patch213: efi-x86-call-parse-options-from-efi-main.patch
|
||||||
|
|
||||||
# 300 - ARM patches
|
# 300 - ARM patches
|
||||||
Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
|
Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
|
||||||
|
|
||||||
@ -1863,6 +1867,9 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 13 2018 Hans de Goede <hdegoede@redhat.com>
|
||||||
|
- Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
|
||||||
|
|
||||||
* Wed Sep 12 2018 Jeremy Cline <jcline@redhat.com> - 4.19.0-0.rc3.git1.1
|
* Wed Sep 12 2018 Jeremy Cline <jcline@redhat.com> - 4.19.0-0.rc3.git1.1
|
||||||
- Linux v4.19-rc3-21-g5e335542de83
|
- Linux v4.19-rc3-21-g5e335542de83
|
||||||
- Re-enable debugging options.
|
- Re-enable debugging options.
|
||||||
|
Loading…
Reference in New Issue
Block a user