rpms / kernel

Clone
Source Code
GIT

Blame MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch

26 Label_NFS f10 f11 f12 f12-user-myoung-xendom0 f13 f13-2.6.33-master f13-user-steved-pnfs-13 f14 f14-user-kyle-bz664206 f14-user-kyle-f14-2.6.37 f14-user-lkundrak-vaio-brightness-645937 f14-user-steved-pnfs-f14 f15 f15-2.6.39 f15-30-going-on-40 f15-user-steved-pnfs-f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f25-pf f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main oneoffs private-jcm-arm-nosmp-kallsyms private-jcm-arm-nosmp-kallsyms-f17 private-nhorman-sgx-v15 rawhide rhbz_1205083 stabilization talos user/steved/f19-lnfs-v3.8 user/steved/f19-lnfs-v3.8-rc7
  1.   324841e6242e466f808961cbbed55842bf8bee29
  2.   MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch
Blob History Raw
0ad9385 
From 71db1b222ecdf6cb4356f6f1e2bd45cd2f0e85e1 Mon Sep 17 00:00:00 2001
0ad9385 
From: Laura Abbott <labbott@redhat.com>
0ad9385 
Date: Tue, 18 Oct 2016 13:58:44 -0700
0ad9385 
Subject: [PATCH] MODSIGN: Don't try secure boot if EFI runtime is disabled
0ad9385
0ad9385 
Secure boot depends on having EFI runtime variable access. The code
0ad9385 
does not handle a lack of runtime variables gracefully. Add a check
0ad9385 
to just bail out of EFI runtime is disabled.
0ad9385
0ad9385 
Signed-off-by: Laura Abbott <labbott@redhat.com>
0ad9385 
---
0ad9385 
 kernel/modsign_uefi.c | 4 ++++
0ad9385 
 1 file changed, 4 insertions(+)
0ad9385
0ad9385 
diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
0ad9385 
index a41da14..2bdaf76 100644
0ad9385 
--- a/kernel/modsign_uefi.c
0ad9385 
+++ b/kernel/modsign_uefi.c
0ad9385 
@@ -71,6 +71,10 @@ static int __init load_uefi_certs(void)
0ad9385 
 	if (!efi_enabled(EFI_SECURE_BOOT))
0ad9385 
 		return 0;
0ad9385
0ad9385 
+	/* Things blow up if efi runtime is disabled */
0ad9385 
+	if (efi_runtime_disabled())
0ad9385 
+		return 0;
0ad9385 
+
0ad9385 
 	keyring = get_system_keyring();
0ad9385 
 	if (!keyring) {
0ad9385 
 		pr_err("MODSIGN: Couldn't get system keyring\n");
0ad9385 
--
0ad9385 
2.7.4
0ad9385
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.