arm64: lockdown: Move init_lockdown() call after efi_init()
The lockdown code for arm64 currently fails to engage when in Secure Boot mode. Seth Forshee noticed that this is because init_lockdown() checks for efi_enabled(EFI_BOOT), but that bit doesn't get set until uefi_init() is called.
parent
357888c75c
commit
1ebd53abbf
|
@ -24,6 +24,9 @@ linux (4.19.20-2) UNRELEASED; urgency=medium
|
|||
is enabled on Orange Pi Plus.
|
||||
* [armhf] Enable REGULATOR_SY8106A as module.
|
||||
|
||||
[ dann frazier ]
|
||||
* arm64: lockdown: Move init_lockdown() call after uefi_init()
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Tue, 12 Feb 2019 12:49:10 +0000
|
||||
|
||||
linux (4.19.20-1) unstable; urgency=medium
|
||||
|
|
|
@ -19,6 +19,7 @@ Signed-off-by: Linn Crosetto <linn@hpe.com>
|
|||
efi_set_secure_boot() in main kernel
|
||||
- Use lockdown API and naming]
|
||||
[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()]
|
||||
[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection]
|
||||
---
|
||||
arch/arm64/Kconfig | 13 +++++++++++++
|
||||
drivers/firmware/efi/arm-init.c | 7 +++++++
|
||||
|
@ -39,16 +40,16 @@ Signed-off-by: Linn Crosetto <linn@hpe.com>
|
|||
|
||||
#include <asm/efi.h>
|
||||
|
||||
@@ -252,6 +253,9 @@ void __init efi_init(void)
|
||||
"Unexpected EFI_MEMORY_DESCRIPTOR version %ld",
|
||||
efi.memmap.desc_version);
|
||||
@@ -257,6 +258,9 @@ void __init efi_init(void)
|
||||
return;
|
||||
}
|
||||
|
||||
+ efi_set_secure_boot(params.secure_boot);
|
||||
+ init_lockdown();
|
||||
+
|
||||
if (uefi_init() < 0) {
|
||||
efi_memmap_unmap();
|
||||
return;
|
||||
reserve_regions();
|
||||
efi_esrt_init();
|
||||
|
||||
--- a/drivers/firmware/efi/efi.c
|
||||
+++ b/drivers/firmware/efi/efi.c
|
||||
@@ -657,7 +657,8 @@ static __initdata struct params fdt_para
|
||||
|
|
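Review bot: With `efi_set_secure_boot(params.secure_boot);` and `init_lockdown();` now placed after the `if (uefi_init() < 0) { efi_memmap_unmap(); return; }` block, a failing uefi_init() makes efi_init() return before either call runs. On that path the Secure Boot state is never recorded and lockdown is never evaluated. This may be acceptable, since the commit message says init_lockdown() depends on EFI_BOOT, which uefi_init() sets, but the patch should state whether failing open here is intended. It would also help to record the ordering dependency at the call site so a later forward-port does not move the calls back, for example `/* Must follow uefi_init(): init_lockdown() tests efi_enabled(EFI_BOOT), which is only set there. */`. efi_init() starts and ends outside the hunk, so any other early returns above the new call site are not visible here and should be checked the same way.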