efi: Disable secure boot if shim is in insecure mode - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Josh Boyer <jwboyer@fedoraproject.org>	2017-02-06 11:22:44 +0000
committer	Ingo Molnar <mingo@kernel.org>	2017-02-07 10:42:10 +0100
commit	f3cf6f7434debcc65f397228c689641b07c1be35 (patch)
tree	c4e7e063028effbf022baf8ce0eeebcad643df7f /lib/fdt.c
parent	de8cb458625c164bb3f93c4e415e479afce8fa9d (diff)
download	linux-f3cf6f7434debcc65f397228c689641b07c1be35.tar.bz2

efi: Disable secure boot if shim is in insecure mode

A user can manually tell the shim boot loader to disable validation of images it loads. When a user does this, it creates a UEFI variable called MokSBState that does not have the runtime attribute set. Given that the user explicitly disabled validation, we can honor that and not enable secure boot mode if that variable is set. Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Matt Fleming <matt@codeblueprint.co.uk> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1486380166-31868-6-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar <mingo@kernel.org>

Diffstat (limited to 'lib/fdt.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: