lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  9 Jan 2018 15:22:23 +0100
From:   Daniel Kiper <daniel.kiper@...cle.com>
To:     linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
        x86@...nel.org, xen-devel@...ts.xenproject.org
Cc:     ard.biesheuvel@...aro.org, boris.ostrovsky@...cle.com,
        hpa@...or.com, jgross@...e.com, konrad.wilk@...cle.com,
        mingo@...hat.com, tglx@...utronix.de
Subject: [PATCH 2/4] x86/xen/efi: Initialize boot_params.secure_boot in xen_efi_init()

Otherwise the kernel reports incorrect UEFI secure boot state in the Xen dom0.

By the way fix CFLAGS_mmu_pv.o assignment alignment.

Signed-off-by: Daniel Kiper <daniel.kiper@...cle.com>
---
 arch/x86/xen/Makefile |    4 +++-
 arch/x86/xen/efi.c    |   11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/x86/xen/Makefile b/arch/x86/xen/Makefile
index d83cb54..1b07664 100644
--- a/arch/x86/xen/Makefile
+++ b/arch/x86/xen/Makefile
@@ -12,7 +12,9 @@ endif
 # Make sure early boot has no stackprotector
 nostackp := $(call cc-option, -fno-stack-protector)
 CFLAGS_enlighten_pv.o		:= $(nostackp)
-CFLAGS_mmu_pv.o		:= $(nostackp)
+CFLAGS_mmu_pv.o			:= $(nostackp)
+
+CFLAGS_efi.o			+= -I$(srctree)/drivers/firmware
 
 obj-y		:= enlighten.o multicalls.o mmu.o irq.o \
 			time.o xen-asm.o xen-asm_$(BITS).o \
diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c
index a18703b..e089fa7 100644
--- a/arch/x86/xen/efi.c
+++ b/arch/x86/xen/efi.c
@@ -28,6 +28,15 @@
 #include <asm/setup.h>
 #include <asm/xen/hypercall.h>
 
+#define pr_efi(sys_table, msg)
+#define pr_efi_err(sys_table, msg)
+
+#define get_efi_var(name, vendor, attr, data_size, data) \
+		xen_efi_get_variable((efi_char16_t *)name, (efi_guid_t *)vendor, \
+				     attr, data_size, data)
+
+#include <efi/libstub/secureboot-core.c>
+
 static efi_char16_t vendor[100] __initdata;
 
 static efi_system_table_t efi_systab_xen __initdata = {
@@ -129,6 +138,8 @@ void __init xen_efi_init(void)
 	boot_params.efi_info.efi_systab = (__u32)__pa(efi_systab_xen);
 	boot_params.efi_info.efi_systab_hi = (__u32)(__pa(efi_systab_xen) >> 32);
 
+	boot_params.secure_boot = efi_get_secureboot(efi_systab_xen);
+
 	set_bit(EFI_BOOT, &efi.flags);
 	set_bit(EFI_PARAVIRT, &efi.flags);
 	set_bit(EFI_64BIT, &efi.flags);
-- 
1.7.10.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ