diff options
Diffstat (limited to 'kexec-uefi-copy-secure_boot-flag-in-boot-params.patch')
-rw-r--r-- | kexec-uefi-copy-secure_boot-flag-in-boot-params.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/kexec-uefi-copy-secure_boot-flag-in-boot-params.patch b/kexec-uefi-copy-secure_boot-flag-in-boot-params.patch deleted file mode 100644 index e239ea908..000000000 --- a/kexec-uefi-copy-secure_boot-flag-in-boot-params.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Dave Young <dyoung@redhat.com> - -[PATCH] kexec/uefi: copy secure_boot flag in boot params across kexec reboot - -Kexec reboot in case secure boot being enabled does not keep the secure boot -mode in new kernel, so later one can load unsigned kernel via legacy kexec_load. -In this state, the system is missing the protections provided by secure boot. - -Adding a patch to fix this by retain the secure_boot flag in original kernel. - -secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the stub. -Fixing this issue by copying secure_boot flag across kexec reboot. - -Signed-off-by: Dave Young <dyoung@redhat.com> ---- - arch/x86/kernel/kexec-bzimage64.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c -index 9642b9b..0539ec7 100644 ---- a/arch/x86/kernel/kexec-bzimage64.c -+++ b/arch/x86/kernel/kexec-bzimage64.c -@@ -178,6 +178,7 @@ setup_efi_state(struct boot_params *params, unsigned long params_load_addr, - if (efi_enabled(EFI_OLD_MEMMAP)) - return 0; - -+ params->secure_boot = boot_params.secure_boot; - ei->efi_loader_signature = current_ei->efi_loader_signature; - ei->efi_systab = current_ei->efi_systab; - ei->efi_systab_hi = current_ei->efi_systab_hi; |