The efi stub will set the value of boot_params.secure_boot
without first checking whether boot_params has been sanitized. If
they have not, the value of secure_boot will be cleared later
when boot_params is sanitized. This currently happens with grub
as it currently does not clear the sentinel, and thus the kernel
cannot determine the secure boot state.
Since the efi stub is modifying a field in an area subject to
sanitization, it must first sanitize boot_params if needed. Later
sanitization by the decompressor will do nothing as the sentinel
value will have been cleared.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
#include <asm/e820/types.h>
#include <asm/setup.h>
#include <asm/desc.h>
+#include <asm/bootparam_utils.h>
#include "../string.h"
#include "eboot.h"
else
setup_boot_services32(efi_early);
+ sanitize_boot_params(boot_params);
+
/*
* If the boot loader gave us a value for secure_boot then we use that,
* otherwise we ask the BIOS.