mirror-linux/drivers/firmware/efi/libstub
Ard Biesheuvel 5f56a74cc0 efi: libstub: check Shim mode using MokSBStateRT
We currently check the MokSBState variable to decide whether we should
treat UEFI secure boot as being disabled, even if the firmware thinks
otherwise. This is used by shim to indicate that it is not checking
signatures on boot images. In the kernel, we use this to relax lockdown
policies.

However, in cases where shim is not even being used, we don't want this
variable to interfere with lockdown, given that the variable may be
non-volatile and therefore persist across a reboot. This means setting
it once will persistently disable lockdown checks on a given system.

So switch to the mirrored version of this variable, called MokSBStateRT,
which is supposed to be volatile, and this is something we can check.

Cc: <stable@vger.kernel.org> # v4.19+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Peter Jones <pjones@redhat.com>
2022-09-22 10:15:44 +02:00
Makefile efi: libstub: Disable struct randomization 2022-08-25 10:58:33 +02:00
alignedmem.c efi/libstub: Fix gcc error around __umoddi3 for 32 bit builds 2020-07-09 09:45:09 +03:00
arm32-stub.c efi: libstub: pass image handle to handle_kernel_image() 2022-05-03 15:31:28 +02:00
arm64-stub.c efi/arm64: libstub: run image in place if randomized by the loader 2022-05-03 15:31:29 +02:00
efi-stub-helper.c efi/libstub: measure loaded initrd info into the TPM 2022-01-06 21:19:05 +01:00
efi-stub.c efi: libstub: pass image handle to handle_kernel_image() 2022-05-03 15:31:28 +02:00
efistub.h riscv/efi_stub: Add support for RISCV_EFI_BOOT_PROTOCOL 2022-05-19 10:22:17 +02:00
fdt.c efi/libstub: Simplify "Exiting bootservices" message 2021-10-05 13:05:58 +02:00
file.c efi/libstub: prevent read overflow in find_file_option() 2021-05-22 14:05:32 +02:00
gop.c efi/gop: Add an option to list out the available GOP modes 2020-05-20 19:09:20 +02:00
mem.c Linux 5.7-rc7 2020-05-25 15:10:37 +02:00
pci.c efi/libstub: Correct comment typos 2020-05-06 11:27:55 +02:00
random.c efi/libstub: Describe RNG functions 2020-02-23 21:57:19 +01:00
randomalloc.c efi: stub: prefer mirrored memory for randomized allocations 2022-05-06 09:51:22 +02:00
relocate.c efi/libstub: Export efi_low_alloc_above() to other units 2020-09-16 18:54:59 +03:00
riscv-stub.c riscv/efi_stub: Add 64bit boot-hartid support on RV64 2022-07-19 16:39:19 -07:00
secureboot.c efi: libstub: check Shim mode using MokSBStateRT 2022-09-22 10:15:44 +02:00
skip_spaces.c efi/libstub: Fix missing-prototype warning for skip_spaces() 2020-06-15 19:43:58 +02:00
string.c efi/libstub: Fix missing-prototypes in string.c 2020-09-25 23:29:04 +02:00
tpm.c More EFI changes for v5.8: 2020-05-25 15:11:14 +02:00
vsprintf.c isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
x86-stub.c efi: x86: Wipe setup_data on pure EFI boot 2022-09-22 10:12:51 +02:00