-rw-r--r--efi-x86-call-parse-options-from-efi-main.patch58
-rw-r--r--kernel.spec7
2 files changed, 65 insertions, 0 deletions
diff --git a/efi-x86-call-parse-options-from-efi-main.patch b/efi-x86-call-parse-options-from-efi-main.patch
new file mode 100644
index 000000000..a1a3a34d4
--- /dev/null
+++ b/efi-x86-call-parse-options-from-efi-main.patch
@@ -0,0 +1,58 @@
+From ecb77f61f10b36476133e31cdc001892b5463b90 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 12 Sep 2018 20:32:05 +0200
+Subject: efi/x86: Call efi_parse_options() from efi_main()
+
+Before this commit we were only calling efi_parse_options() from
+make_boot_params(), but make_boot_params() only gets called if the
+kernel gets booted directly as an EFI executable. So when booted through
+e.g. grub we ended up not parsing the commandline in the boot code.
+
+This makes the drivers/firmware/efi/libstub code ignore the "quiet"
+commandline argument resulting in the following message being printed:
+"EFI stub: UEFI Secure Boot is enabled."
+
+Despite the quiet request. This commits adds an extra call to
+efi_parse_options() to efi_main() to make sure that the options are
+always processed. This fixes quiet not working.
+
+This also fixes the libstub code ignoring nokaslr and efi=nochunk.
+
+Reported-by: Peter Robinson <pbrobinson@redhat.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ arch/x86/boot/compressed/eboot.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
+index 1458b1700fc7..8b4c5e001157 100644
+--- a/arch/x86/boot/compressed/eboot.c
++++ b/arch/x86/boot/compressed/eboot.c
+@@ -738,6 +738,7 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
+ struct desc_struct *desc;
+ void *handle;
+ efi_system_table_t *_table;
++ unsigned long cmdline_paddr;
+
+ efi_early = c;
+
+@@ -755,6 +756,15 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
+ else
+ setup_boot_services32(efi_early);
+
++ /*
++ * make_boot_params() may have been called before efi_main(), in which
++ * case this is the second time we parse the cmdline. This is ok,
++ * parsing the cmdline multiple times does not have side-effects.
++ */
++ cmdline_paddr = ((u64)hdr->cmd_line_ptr |
++ ((u64)boot_params->ext_cmd_line_ptr << 32));
++ efi_parse_options((char *)cmdline_paddr);
++
+ /*
+ * If the boot loader gave us a value for secure_boot then we use that,
+ * otherwise we ask the BIOS.
+--
+cgit 1.2-0.3.lf.el7
+
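Review bot: In the embedded eboot.c change at `@@ -755,6 +756,15 @@`, the combined command-line address is cast to `char *` and passed to `efi_parse_options()` with no check that it is non-zero. If a boot loader leaves `cmd_line_ptr` and `ext_cmd_line_ptr` at 0, the parser would receive a null pointer, unless it checks for that itself, which is not visible here. A guard such as `if (cmdline_paddr) efi_parse_options((char *)cmdline_paddr);` makes the assumption explicit. The `u64` expression is also stored in an `unsigned long`, so on a 32-bit build the `ext_cmd_line_ptr` half is silently dropped, and the return value of `efi_parse_options()` is discarded; if both are intentional, the comment block should say so, for example `/* status ignored: stub continues with defaults if parsing fails */`. The body of efi_main() starts and ends outside the hunks shown, so the declaration of `hdr` and any earlier validation could not be checked.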
diff --git a/kernel.spec b/kernel.spec
index edc105d80..2d7728165 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -560,6 +560,10 @@ Patch211: drm-i915-hush-check-crtc-state.patch
Patch212: efi-secureboot.patch
+# Fix printing of "EFI stub: UEFI Secure Boot is enabled.",
+# queued upstream in efi.git/next
+Patch213: efi-x86-call-parse-options-from-efi-main.patch
+
# 300 - ARM patches
Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
@@ -1863,6 +1867,9 @@ fi
#
#
%changelog
+* Thu Sep 13 2018 Hans de Goede <hdegoede@redhat.com>
+- Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
+
* Wed Sep 12 2018 Jeremy Cline <jcline@redhat.com> - 4.19.0-0.rc3.git1.1
- Linux v4.19-rc3-21-g5e335542de83
- Re-enable debugging options.