From patchwork Thu Feb 16 18:08:23 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 94103
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org, dhowells@redhat.com
Cc: matt@codeblueprint.co.uk, jwboyer@fedoraproject.org, Ard Biesheuvel
Subject: [PATCH v2] efi: libstub: treat missing SecureBoot variable as S/B disabled
Date: Thu, 16 Feb 2017 18:08:23 +0000
Message-Id: <1487268503-21570-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-efi@vger.kernel.org

The newly refactored code that infers the firmware's Secure Boot state
prints the following error when the variable 'SecureBoot' is missing.

  EFI stub: ERROR: Could not determine UEFI Secure Boot status.

However, this variable is only guaranteed to be defined on a system that is
Secure Boot capable to begin with, and so it is not an error if it is missing.
So report Secure Boot as being disabled in this case, without printing any
error messages.

Signed-off-by: Ard Biesheuvel --- v2: treat SecureBoot present but SetupMode missing as 'unknown' not 'disabled' drivers/firmware/efi/libstub/secureboot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c index 766ac06dac84..8fa8af4b3ca8 100644 --- a/drivers/firmware/efi/libstub/secureboot.c +++ b/drivers/firmware/efi/libstub/secureboot.c @@ -47,6 +47,8 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) size = sizeof(secboot); status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid, NULL, &size, &secboot); + if (status == EFI_NOT_FOUND) + return efi_secureboot_mode_disabled; if (status != EFI_SUCCESS) goto out_efi_err; @@ -80,7 +82,5 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) out_efi_err: pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n"); - if (status == EFI_NOT_FOUND) - return efi_secureboot_mode_disabled; return efi_secureboot_mode_unknown; }
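
Review bot: The early return added after the SecureBoot get_efi_var() call in the first hunk carries no comment explaining why EFI_NOT_FOUND maps to efi_secureboot_mode_disabled rather than efi_secureboot_mode_unknown. The reasoning exists only in the commit message (the variable is only guaranteed to be defined on Secure Boot capable firmware). Since this path now returns silently, bypassing pr_efi_err(), a one-line comment above `if (status == EFI_NOT_FOUND)` stating that assumption would make clear to later readers that the quiet "disabled" result is deliberate and applies to this variable only.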
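
Review bot: With the EFI_NOT_FOUND check dropped from out_efi_err in the second hunk, every failure that reaches the label now prints the error and returns efi_secureboot_mode_unknown, but the commit message documents only the missing-SecureBoot case. The v2 note says this is meant to cover SecureBoot present with SetupMode missing, yet that note sits below the "---" line and will not be kept in the commit log. Suggest adding a sentence to the commit message stating that a missing SetupMode is still treated as an error and reported as 'unknown', so the asymmetry between the two variables is recorded with the change.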