[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20161122203058.GA1844@wunner.de>
Date: Tue, 22 Nov 2016 21:30:58 +0100
From: Lukas Wunner <lukas@...ner.de>
To: David Howells <dhowells@...hat.com>
Cc: Matthew Garrett <matthew.garrett@...ula.com>,
linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, keyrings@...r.kernel.org
Subject: Re: [PATCH 4/6] efi: Get the secure boot status
On Tue, Nov 22, 2016 at 02:47:27PM +0000, David Howells wrote:
> Lukas Wunner <lukas@...ner.de> wrote:
> > The "out_efi_err" portion differs from the previous version of this
> > patch. Setting a __u8 to a negative value, is this really what you
> > want?
>
> Eh? efi_get_secureboot() returns an int as before. The out_efi_err:
> portions are exactly the same:
By "the previous version of this patch" I was referring to your
submission of Nov 16, not the existing code in the kernel.
Your patch didn't contain the out_efi_err portion.
You're assigning a negative value to boot_params->secure_boot
(which is declared __u8).
In the next patch you're just checking if the value isn't 0
and you're considerung secure boot to be enabled even though
GetVariable failed. Hence my question above, is this what
you want? Likely not, perhaps this is what you really want:
boot_params->secure_boot = (efi_get_secureboot() == 1);
Best regards,
Lukas
Powered by blists - more mailing lists