diff options
Diffstat (limited to 'MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch')
| -rw-r--r-- | MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch b/MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch new file mode 100644 index 000000000..6f5d8b6ab --- /dev/null +++ b/MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch @@ -0,0 +1,32 @@ +From 71db1b222ecdf6cb4356f6f1e2bd45cd2f0e85e1 Mon Sep 17 00:00:00 2001 +From: Laura Abbott <labbott@redhat.com> +Date: Tue, 18 Oct 2016 13:58:44 -0700 +Subject: [PATCH] MODSIGN: Don't try secure boot if EFI runtime is disabled + +Secure boot depends on having EFI runtime variable access. The code +does not handle a lack of runtime variables gracefully. Add a check +to just bail out of EFI runtime is disabled. + +Signed-off-by: Laura Abbott <labbott@redhat.com> +--- + kernel/modsign_uefi.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c +index a41da14..2bdaf76 100644 +--- a/kernel/modsign_uefi.c ++++ b/kernel/modsign_uefi.c +@@ -71,6 +71,10 @@ static int __init load_uefi_certs(void) + if (!efi_enabled(EFI_SECURE_BOOT)) + return 0; + ++ /* Things blow up if efi runtime is disabled */ ++ if (efi_runtime_disabled()) ++ return 0; ++ + keyring = get_system_keyring(); + if (!keyring) { + pr_err("MODSIGN: Couldn't get system keyring\n"); +-- +2.7.4 + |