From 1fc0f290caeb0720aa6c97177ab429953f5bf10f Mon Sep 17 00:00:00 2001
From: Ross Lagerwall
Date: Wed, 29 Jan 2025 13:31:11 +0000
Subject: [PATCH 17/37] platform-intel: Disable legacy option ROM scan on UEFI machines

The legacy option ROM memory range from 0xc0000-0xeffff is not defined on UEFI machines so don't attempt to scan it. This avoids lockdown log spam when Secure Boot is enabled (avoids use of /dev/mem).

Signed-off-by: Ross Lagerwall
---
 platform-intel.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/platform-intel.c b/platform-intel.c
index 95bc4929..270aef36 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -607,6 +607,7 @@ const struct imsm_orom *imsm_platform_test(struct sys_dev *hba)

 static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
 {
+ struct stat st;
 unsigned long align;

 if (check_env("IMSM_TEST_OROM"))
@@ -616,6 +617,10 @@ static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
 if (check_env("IMSM_TEST_AHCI_EFI") || check_env("IMSM_TEST_SCU_EFI"))
 return NULL;

+ /* Skip legacy option ROM scan when EFI booted */
+ if (stat("/sys/firmware/efi", &st) == 0 && S_ISDIR(st.st_mode))
+ return NULL;
+
 find_intel_devices();

 if (intel_devices == NULL)
--
2.41.0
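Review bot: The new early return in find_imsm_hba_orom() keys on `/sys/firmware/efi` existing, which is wider than the stated motivation (kernel lockdown denying /dev/mem under Secure Boot): the legacy 0xc0000-0xeffff scan is now skipped on every EFI boot, including with Secure Boot off. If that is intended, the comment should carry the reason, e.g. `/* EFI boot: legacy OROM range 0xc0000-0xeffff is undefined and reading it via /dev/mem trips kernel lockdown; capabilities must come from the EFI path */`. The NULL returned here cannot be told apart from "no OROM found", so callers presumably need to have tried the EFI lookup first; that caller and the rest of this function's body are outside the hunk, so this should be confirmed. The hunk also starts using `struct stat`, `stat()` and `S_ISDIR` without adding an include, so check that `<sys/stat.h>` is already pulled in by this file.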