#include <linux/of_fdt.h>
#include <linux/platform_device.h>
#include <linux/screen_info.h>
+#include <linux/security.h>
#include <asm/efi.h>
return;
}
+ efi_set_secure_boot(efi_get__secure_boot());
+
+#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
+ if (efi_enabled(EFI_SECURE_BOOT))
+ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX);
+#endif
+
reserve_regions();
efi_esrt_init();
efi_mokvar_table_init();
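Review bot: The lockdown decision added before `reserve_regions()` fails open: it fires only when `efi_enabled(EFI_SECURE_BOOT)` is set, and the mode comes from `efi_get__secure_boot()`, which elsewhere on this page defaults to `efi_secureboot_mode_unset` and is filled from the `linux,uefi-secure-boot` DT property. A kernel entered with a device tree that lacks that property, or carries a wrong value, therefore runs unlocked with no diagnostic visible in this hunk; `efi_set_secure_boot()` is not shown here, so whether it warns is unknown. I would document the trust assumption above the call, e.g. `/* Mode comes from the DT property written by the EFI stub and is not re-read from firmware here; unset/unknown means no lockdown. */`, and log when the mode is neither enabled nor disabled. The enclosing function starts and ends outside the hunk.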
MMSIZE,
DCSIZE,
DCVERS,
+ SCBOOT,
PARAMCOUNT
};
+static u32 __secure_boot __initdata = efi_secureboot_mode_unset;
+u32 __init efi_get__secure_boot(void)
+{
+ return __secure_boot;
+}
+
static __initconst const char name[][22] = {
[SYSTAB] = "System Table ",
[MMBASE] = "MemMap Address ",
[MMSIZE] = "MemMap Size ",
[DCSIZE] = "MemMap Desc. Size ",
[DCVERS] = "MemMap Desc. Version ",
+ [SCBOOT] = "Secure Boot Enabled ",
};
static __initconst const struct {
[MMSIZE] = "linux,uefi-mmap-size",
[DCSIZE] = "linux,uefi-mmap-desc-size",
[DCVERS] = "linux,uefi-mmap-desc-ver",
+ [SCBOOT] = "linux,uefi-secure-boot",
}
}
};
[MMSIZE] = { &mm->size, sizeof(mm->size) },
[DCSIZE] = { &mm->desc_size, sizeof(mm->desc_size) },
[DCVERS] = { &mm->desc_version, sizeof(mm->desc_version) },
+ [SCBOOT] = { &__secure_boot, sizeof(__secure_boot) },
};
BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name));
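Review bot: Adding `[SCBOOT]` to `target` puts the secure-boot property among the values the FDT parameter lookup walks, and that lookup loop is outside this hunk. If it treats every `target` entry as required, a device tree from an older stub or bootloader without `linux,uefi-secure-boot` would fail EFI parameter parsing altogether instead of leaving the mode unset. The same would hold for any other `dt_params` entry that gets no `[SCBOOT]` name, since only the `linux,` table is extended in the hunks visible here. Consider reading this property separately and treating its absence as `efi_secureboot_mode_unset`. The value also lands in `__secure_boot` as a raw `u32` with no range check visible before it reaches `efi_set_secure_boot()`.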
}
}
+ fdt_val32 = cpu_to_fdt32(efi_get_secureboot());
+ status = fdt_setprop(fdt, node, "linux,uefi-secure-boot",
+ &fdt_val32, sizeof(fdt_val32));
+ if (status)
+ goto fdt_set_fail;
+
/* Shrink the FDT back to its minimum size: */
fdt_pack(fdt);
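Review bot: The `fdt_setprop()` call for `linux,uefi-secure-boot` is security-relevant but uncommented. The kernel-side hunks on this page use this property as the input to the lockdown decision, so it matters that the stub writes it unconditionally and replaces anything already present in the incoming tree. I would add `/* Always (re)write: the kernel derives its Secure Boot lockdown state from this property, so a value supplied in the original DT must not survive. */` above the assignment. The property name is also a second copy of the string in the `dt_params` table, and a shared macro would keep the two from drifting apart. The enclosing function starts and ends outside the hunk.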
efi_secureboot_mode_enabled,
};
+#ifdef CONFIG_EFI_PARAMS_FROM_FDT
+u32 __init efi_get__secure_boot(void);
+#else
+static inline u32 efi_get__secure_boot(void)
+{
+ return efi_secureboot_mode_unset;
+};
+#endif
+
#ifdef CONFIG_EFI
/*
* Test whether the above EFI_* bits are enabled.
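Review bot: The inline fallback for `efi_get__secure_boot()` ends with `};`, and the semicolon after the function body is a stray empty declaration that should be dropped (`}`), since it can trigger extra-semicolon warnings in every file that includes this header. The `__init` annotation on the prototype has no effect on a bare declaration and is usually left off in headers. The double underscore in the name also makes it easy to confuse with the stub's `efi_get_secureboot()` used elsewhere on this page; a name that says the value comes from the FDT would read more clearly.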