From patchwork Thu Feb 16 17:56:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94102 Delivered-To: patch@linaro.org Received: by 10.182.3.34 with SMTP id 2csp2621746obz; Thu, 16 Feb 2017 09:56:48 -0800 (PST) X-Received: by 10.84.211.137 with SMTP id c9mr4892677pli.8.1487267808557; Thu, 16 Feb 2017 09:56:48 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m14si7114180pln.225.2017.02.16.09.56.48; Thu, 16 Feb 2017 09:56:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932410AbdBPR4q (ORCPT + 2 others); Thu, 16 Feb 2017 12:56:46 -0500 Received: from mail-wm0-f48.google.com ([74.125.82.48]:37735 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932254AbdBPR4p (ORCPT ); Thu, 16 Feb 2017 12:56:45 -0500 Received: by mail-wm0-f48.google.com with SMTP id v77so21373749wmv.0 for ; Thu, 16 Feb 2017 09:56:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=Uh94zaWBtE+OOFiHHErk18kQEVz7Wu5zWNkiFSOL9SQ=; b=MLd177iBgdwaOEDh6lkvFVMrSaoV7JrOLn+zYaYcoEd+9IDH4DgEBVNM6P2X3IkVYx tnnK+vAGLPmqW7a3DgqjgH8SlYX9dHqCR25pin2h6wtCIdV9A+E0Df/MnTUim0+4tJkg NfR2lMnjUVUL6suD+B6yVMyhnK/L/RovHCQDM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Uh94zaWBtE+OOFiHHErk18kQEVz7Wu5zWNkiFSOL9SQ=; b=HmyLC6gVMXEeic1XppK56zeOeoPLVJAPoqZlQVzyY4f7PAZ0c2Py8l7FIaaNkHyQ/R N3oXtl2kt3EHvAARCIMQnX9o6scU7NRjUAnZHVEGVRrwu5Wa69qd8//kiAF+WXlFz/CL /omsGTMAtM2VmbxWEDMExsnpPVNEe1dEqdO6O4UxeEd612+dWnpVJSvdfbJNEA/tgvrW 0p6x5zRnpKNxqPLdu6pzIraGlv6EK/jHLInZEfhIW7KdfDSWmekEPJBHNfzetEJWhV3J 1k7ofoDNFpti3THrhR0h3DCyC2wZ5vW1Qayzs9RSBONaFD/gCmmrK1PIjeWYmx5cgYcD aI1w== X-Gm-Message-State: AMke39nHq3IV7aOoPrFHqfCgNTk4R5tlBE69uwKf11fu+DvBYEv5fL5d5ea052Jd3kYfSfaZ X-Received: by 10.28.213.193 with SMTP id m184mr14363826wmg.28.1487267803605; Thu, 16 Feb 2017 09:56:43 -0800 (PST) Received: from localhost.localdomain ([105.149.119.159]) by smtp.gmail.com with ESMTPSA id v102sm9871733wrb.11.2017.02.16.09.56.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 16 Feb 2017 09:56:42 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, dhowells@redhat.com Cc: matt@codeblueprint.co.uk, jwboyer@fedoraproject.org, Ard Biesheuvel Subject: [PATCH] efi: libstub: treat missing SecureBoot/SetupMode vars as SB disabled Date: Thu, 16 Feb 2017 17:56:34 +0000 Message-Id: <1487267794-4691-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org The newly refactored code that infers the firmware's Secure Boot state prints the following error when the variables 'SecureBoot' or 'SetupMode' are missing. EFI stub: ERROR: Could not determine UEFI Secure Boot status. However, these variables are only guaranteed to be defined on a system that is Secure Boot capable to begin with, and so it is not an error if they are missing. So report Secure Boot as disabled in this case, without printing any error messages. Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/secureboot.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c index 766ac06dac84..1987410e8242 100644 --- a/drivers/firmware/efi/libstub/secureboot.c +++ b/drivers/firmware/efi/libstub/secureboot.c @@ -47,12 +47,16 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) size = sizeof(secboot); status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid, NULL, &size, &secboot); + if (status == EFI_NOT_FOUND) + return efi_secureboot_mode_disabled; if (status != EFI_SUCCESS) goto out_efi_err; size = sizeof(setupmode); status = get_efi_var(efi_SetupMode_name, &efi_variable_guid, NULL, &size, &setupmode); + if (status == EFI_NOT_FOUND) + return efi_secureboot_mode_disabled; if (status != EFI_SUCCESS) goto out_efi_err; @@ -80,7 +84,5 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) out_efi_err: pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n"); - if (status == EFI_NOT_FOUND) - return efi_secureboot_mode_disabled; return efi_secureboot_mode_unknown; }