From patchwork Wed Mar 1 19:04:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94735 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp1953876qgi; Wed, 1 Mar 2017 11:14:36 -0800 (PST) X-Received: by 10.84.192.137 with SMTP id c9mr12409138pld.17.1488395676851; Wed, 01 Mar 2017 11:14:36 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s3si5329736pgn.344.2017.03.01.11.14.36; Wed, 01 Mar 2017 11:14:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752845AbdCATOg (ORCPT + 2 others); Wed, 1 Mar 2017 14:14:36 -0500 Received: from mail-wr0-f175.google.com ([209.85.128.175]:34150 "EHLO mail-wr0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751995AbdCATOd (ORCPT ); Wed, 1 Mar 2017 14:14:33 -0500 Received: by mail-wr0-f175.google.com with SMTP id l37so37035342wrc.1 for ; Wed, 01 Mar 2017 11:12:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=smARQzXeJmLjZIqRQVGUT9cvGLW8xIqyh7PNdpKenVE=; b=Lk4GK/ntoEgkUy2ehFneAh3TOzSgeWBj+ZyBcV7DPDO7hZu8tVv4M0XeuS6RDYzOPp keV8vwSC0IQ0PLfc8Jm+UqCfPXl/u9OLEIsUV26QZc+Km+4XT4JO35QVvwttZfrCwe88 +IPjPKHjxoOFyA8qw9r89UzaIvzYn6hOG9zLQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=smARQzXeJmLjZIqRQVGUT9cvGLW8xIqyh7PNdpKenVE=; b=KEiZXspHoG1dhSQwKweiTACRTHjXAuw1VWQ77SYOyo1FVrt5Hd95Sw8qSjE31aJ8un R0AXb3g8fGiEhVtlztifKGYzWcdVwPXZIedXVboJlV3U/4HW1ngbemjy5lq/AYW8W70o FZq6w0khOb9zPwiPdWT+ctuy078BRrS9uMOme8Zio8jM6vUpO/Vg1WxwfC+EXo2EzXwH AZFi6WpFzX/aHEbVZ3xI6l94BCxFBAnL9hB8HmivZimHVbry73+kENOpt+ATlOR9AFGC SF6QFfraX58hwMSicFOy3A5O7GMMwaIAgILb/FNPITKWF9zA86abWFx7vs8xf7wacAE2 ftPg== X-Gm-Message-State: AMke39mv6g24WJYn6OA+e2HmN3st42DHsXQLcBtDU/J/pIoKcBcZL2mMF1qTGVThZm01rM8z X-Received: by 10.223.147.162 with SMTP id 31mr8371181wrp.133.1488395113760; Wed, 01 Mar 2017 11:05:13 -0800 (PST) Received: from localhost.localdomain ([105.147.1.203]) by smtp.gmail.com with ESMTPSA id j18sm7738024wrb.33.2017.03.01.11.05.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 11:05:13 -0800 (PST) From: Ard Biesheuvel To: matt@codeblueprint.co.uk, Ingo Molnar , Thomas Gleixner , "H . Peter Anvin" Cc: Ard Biesheuvel , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH 1/2] efi: libstub: Treat missing SecureBoot variable as S/B disabled Date: Wed, 1 Mar 2017 19:04:35 +0000 Message-Id: <1488395076-29712-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488395076-29712-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488395076-29712-1-git-send-email-ard.biesheuvel@linaro.org> Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org The newly refactored code that infers the firmware's Secure Boot state prints the following error when the EFI variable 'SecureBoot' does not exist: EFI stub: ERROR: Could not determine UEFI Secure Boot status. However, this variable is only guaranteed to be defined on a system that is Secure Boot capable to begin with, and so it is not an error if it is missing. So report Secure Boot as being disabled in this case, without printing any error messages. Cc: Matt Fleming Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/secureboot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c index 6def402bf569..5da36e56b36a 100644 --- a/drivers/firmware/efi/libstub/secureboot.c +++ b/drivers/firmware/efi/libstub/secureboot.c @@ -45,6 +45,8 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) size = sizeof(secboot); status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid, NULL, &size, &secboot); + if (status == EFI_NOT_FOUND) + return efi_secureboot_mode_disabled; if (status != EFI_SUCCESS) goto out_efi_err; @@ -78,7 +80,5 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) out_efi_err: pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n"); - if (status == EFI_NOT_FOUND) - return efi_secureboot_mode_disabled; return efi_secureboot_mode_unknown; }