From: Josh Boyer
Git-commit: Not yet
Patch-mainline: Not yet, from Fedora 18 kernel
Target: openSUSE 12.3
There are a few cases where in-kernel functions may need to know if
Secure Boot is enabled. The added capability check cannot be used as the
kernel can't drop it's own capabilites, so we add a global variable
similar to efi_enabled so they can determine if Secure Boot is enabled.
Signed-off-by: Josh Boyer
Acked-by: Lee, Chun-Yi
---
arch/x86/kernel/setup.c | 6 +++++-
arch/x86/platform/efi/efi.c | 2 ++
include/linux/efi.h | 3 +++
3 files changed, 10 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -964,8 +964,12 @@ void __init setup_arch(char **cmdline_p)
io_delay_init();
- if (boot_params.secure_boot)
+ if (boot_params.secure_boot) {
secureboot_enable();
+#ifdef CONFIG_EFI
+ secure_boot_enabled = 1;
+#endif
+ }
/*
* Parse the ACPI tables for possible boot-time SMP configuration.
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -54,6 +54,8 @@
int efi_enabled;
EXPORT_SYMBOL(efi_enabled);
+int secure_boot_enabled;
+
struct efi __read_mostly efi = {
.mps = EFI_INVALID_TABLE_ADDR,
.acpi = EFI_INVALID_TABLE_ADDR,
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -577,11 +577,14 @@ extern int __init efi_setup_pcdp_console
# ifdef CONFIG_X86
extern int efi_enabled;
extern bool efi_64bit;
+ extern int secure_boot_enabled;
# else
# define efi_enabled 1
+# define secure_boot_enabled 0
# endif
#else
# define efi_enabled 0
+# define secure_boot_enabled 0
#endif
/*
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org