On Mon, Sep 02, 2019 at 12:00:54AM +0200, John S Gruber wrote:
From: "John S. Gruber" JohnSGruber@gmail.com
commit a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else") now zeros the secure boot information passed by the boot loader or by the kernel's efi handover mechanism. Include boot-params.secure_boot in the preserve field list.
I noted a change in my computers between running signed 5.3-rc4 and 5.3-rc6 with signed kernels using the efi handoff protocol with grub. The kernel log message "Secure boot enabled" becomes "Secure boot could not be determined". The efi_main function in arch/x86/boot/compressed/eboot.c sets this field early but it is subsequently zeroed by the above referenced commit in the file arch/x86/include/asm/bootparam_utils.h
Fixes: commit a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else") Signed-off-by: John S. Gruber JohnSGruber@gmail.com
Adjusted the patch for John Hubbard's comments.
arch/x86/include/asm/bootparam_utils.h | 1 + 1 file changed, 1 insertion(+)
diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h index 9e5f3c7..981fe92 100644 --- a/arch/x86/include/asm/bootparam_utils.h +++ b/arch/x86/include/asm/bootparam_utils.h @@ -70,6 +70,7 @@ static void sanitize_boot_params(struct boot_params *boot_params)
gmail has managed to chew this patch:
checking file arch/x86/include/asm/bootparam_utils.h patch: **** malformed patch at line 48: *boot_params)
See: https://www.kernel.org/doc/html/latest/process/email-clients.html#gmail-web-...
You might find a better client in there if you wanna send more patches in the future.