1 files changed, 39 insertions, 0 deletions

diff --git a/efi-Add-EFI_SECURE_BOOT-bit.patch b/efi-Add-EFI_SECURE_BOOT-bit.patch
new file mode 100644
index 000000000..318a8e70d
--- /dev/null
+++ b/efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -0,0 +1,39 @@
+From: Josh Boyer <jwboyer@fedoraproject.org>
+Date: Tue, 27 Aug 2013 13:33:03 -0400
+Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
+
+UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
+for use with efi_enabled.
+
+Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
+---
+ arch/x86/kernel/setup.c | 2 ++
+ include/linux/efi.h     | 1 +
+ 2 files changed, 3 insertions(+)
+
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
+index c2e4f52cad30..5def6b4143fa 100644
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
+ 
+ #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
+ 	if (boot_params.secure_boot) {
++		set_bit(EFI_SECURE_BOOT, &efi.flags);
+ 		enforce_signed_modules();
++		pr_info("Secure boot enabled\n");
+ 	}
+ #endif
+ 
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 85ef051ac6fb..de3e45088d4a 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -959,6 +959,7 @@ extern int __init efi_setup_pcdp_console(char *);
+ #define EFI_PARAVIRT		6	/* Access is via a paravirt interface */
+ #define EFI_ARCH_1		7	/* First arch-specific bit */
+ #define EFI_DBG			8	/* Print additional debug info at runtime */
++#define EFI_SECURE_BOOT		9	/* Are we in Secure Boot mode? */
+ 
+ #ifdef CONFIG_EFI
+ /*