leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f3cf6f7434
linux/drivers/firmware/efi
History
Josh Boyer f3cf6f7434 efi: Disable secure boot if shim is in insecure mode 
A user can manually tell the shim boot loader to disable validation of
images it loads.  When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set.  Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1486380166-31868-6-git-send-email-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-02-07 10:42:10 +01:00
..
libstub efi: Disable secure boot if shim is in insecure mode 2017-02-07 10:42:10 +01:00
test efi/efi_test: Use memdup_user() as a cleanup 2016-10-18 17:11:19 +02:00
apple-properties.c x86/efi: Retrieve and assign Apple device properties 2016-11-13 08:23:16 +01:00
arm-init.c efi: Make EFI_MEMORY_ATTRIBUTES_TABLE initialization common across all architectures 2017-02-01 08:45:43 +01:00
arm-runtime.c arm64: dump: Make ptdump debugfs a separate option 2016-11-07 18:15:04 +00:00
capsule-loader.c efi/capsule: Allocate whole capsule into virtual memory 2016-08-11 13:55:36 +02:00
capsule.c efi/capsule: Allocate whole capsule into virtual memory 2016-08-11 13:55:36 +02:00
cper.c efi: Handle memory error structures produced based on old versions of standard 2015-07-15 13:30:38 +01:00
dev-path-parser.c efi: Add device path parser 2016-11-13 08:23:15 +01:00
efi-pstore.c Fix bug in module unloading. 2016-10-06 15:16:16 -07:00
efi.c efi: Make EFI_MEMORY_ATTRIBUTES_TABLE initialization common across all architectures 2017-02-01 08:45:43 +01:00
efibc.c efibc: Report more information in the error messages 2016-06-27 13:06:54 +02:00
efivars.c efi: Don't use spinlocks for efi vars 2016-09-09 16:08:42 +01:00
esrt.c efi/esrt: Fix typo in pr_err() message 2017-02-01 08:45:45 +01:00
fake_mem.c x86/efi: Don't allocate memmap through memblock after mm_init() 2017-01-07 08:58:07 +01:00
Kconfig x86/efi: Retrieve and assign Apple device properties 2016-11-13 08:23:16 +01:00
Makefile x86/efi: Retrieve and assign Apple device properties 2016-11-13 08:23:16 +01:00
memattr.c x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE 2017-02-01 08:45:44 +01:00
memmap.c x86/efi: Don't allocate memmap through memblock after mm_init() 2017-01-07 08:58:07 +01:00
reboot.c efi: Add 'capsule' update support 2016-04-28 11:34:03 +02:00
runtime-map.c efi/runtime-map: Use efi.memmap directly instead of a copy 2016-09-09 16:08:36 +01:00
runtime-wrappers.c efi: Replace runtime services spinlock with semaphore 2016-09-09 16:08:43 +01:00
vars.c efi: Don't use spinlocks for efi vars 2016-09-09 16:08:42 +01:00