On 10-Feb-2022, at 4:17 PM, Aditya Garg gargaditya08@live.com wrote:
From: Aditya Garg gargaditya08@live.com
On T2 Macs, the secure boot is handled by the T2 Chip. If enabled, only macOS and Windows are allowed to boot on these machines. Thus we need to disable secure boot for Linux. If we boot into Linux after disabling secure boot, if CONFIG_LOAD_UEFI_KEYS is enabled, EFI Runtime services fail to start, with the following logs in dmesg
Call Trace:
<TASK> page_fault_oops+0x4f/0x2c0 ? search_bpf_extables+0x6b/0x80 ? search_module_extables+0x50/0x80 ? search_exception_tables+0x5b/0x60 kernelmode_fixup_or_oops+0x9e/0x110 __bad_area_nosemaphore+0x155/0x190 bad_area_nosemaphore+0x16/0x20 do_kern_addr_fault+0x8c/0xa0 exc_page_fault+0xd8/0x180 asm_exc_page_fault+0x1e/0x30 (Removed some logs from here) ? __efi_call+0x28/0x30 ? switch_mm+0x20/0x30 ? efi_call_rts+0x19a/0x8e0 ? process_one_work+0x222/0x3f0 ? worker_thread+0x4a/0x3d0 ? kthread+0x17a/0x1a0 ? process_one_work+0x3f0/0x3f0 ? set_kthread_struct+0x40/0x40 ? ret_from_fork+0x22/0x30 </TASK> ---[ end trace 1f82023595a5927f ]--- efi: Froze efi_rts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get mokx list integrity: Couldn't get size: 0x80000000
This patch prevents querying of these UEFI variables, since these Macs seem to use a non-standard EFI hardware
Cc: stable@vger.kernel.org Signed-off-by: Aditya Garg gargaditya08@live.com
v2 :- Reduce code size of the table. V3 :- Close the brackets which were left open by mistake. .../platform_certs/keyring_handler.h | 8 ++++ security/integrity/platform_certs/load_uefi.c | 48 +++++++++++++++++++ 2 files changed, 56 insertions(+)
Hi
May I have any updates on this patch?