diff --git a/efi-x86-call-parse-options-from-efi-main.patch b/efi-x86-call-parse-options-from-efi-main.patch
new file mode 100644
index 0000000..a1a3a34
--- /dev/null
+++ b/efi-x86-call-parse-options-from-efi-main.patch
@@ -0,0 +1,58 @@
+From ecb77f61f10b36476133e31cdc001892b5463b90 Mon Sep 17 00:00:00 2001
+From: Hans de Goede
+Date: Wed, 12 Sep 2018 20:32:05 +0200
+Subject: efi/x86: Call efi_parse_options() from efi_main()
+
+Before this commit we were only calling efi_parse_options() from
+make_boot_params(), but make_boot_params() only gets called if the
+kernel gets booted directly as an EFI executable. So when booted through
+e.g. grub we ended up not parsing the commandline in the boot code.
+
+This makes the drivers/firmware/efi/libstub code ignore the "quiet"
+commandline argument resulting in the following message being printed:
+"EFI stub: UEFI Secure Boot is enabled."
+
+Despite the quiet request. This commits adds an extra call to
+efi_parse_options() to efi_main() to make sure that the options are
+always processed. This fixes quiet not working.
+
+This also fixes the libstub code ignoring nokaslr and efi=nochunk.
+
+Reported-by: Peter Robinson
+Signed-off-by: Hans de Goede
+Signed-off-by: Ard Biesheuvel
+---
+ arch/x86/boot/compressed/eboot.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
+index 1458b1700fc7..8b4c5e001157 100644
+--- a/arch/x86/boot/compressed/eboot.c
++++ b/arch/x86/boot/compressed/eboot.c
+@@ -738,6 +738,7 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
+ struct desc_struct *desc;
+ void *handle;
+ efi_system_table_t *_table;
++ unsigned long cmdline_paddr;
+
+ efi_early = c;
+
+@@ -755,6 +756,15 @@ efi_main(struct efi_config *c, struct boot_params *boot_params)
+ else
+ setup_boot_services32(efi_early);
+
++ /*
++ * make_boot_params() may have been called before efi_main(), in which
++ * case this is the second time we parse the cmdline. This is ok,
++ * parsing the cmdline multiple times does not have side-effects.
++ */
++ cmdline_paddr = ((u64)hdr->cmd_line_ptr |
++ ((u64)boot_params->ext_cmd_line_ptr << 32));
++ efi_parse_options((char *)cmdline_paddr);
++
+ /*
+ * If the boot loader gave us a value for secure_boot then we use that,
+ * otherwise we ask the BIOS.
+--
+cgit 1.2-0.3.lf.el7
+
diff --git a/kernel.spec b/kernel.spec
index edc105d..2d77281 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -560,6 +560,10 @@ Patch211: drm-i915-hush-check-crtc-state.patch
 Patch212: efi-secureboot.patch
+# Fix printing of "EFI stub: UEFI Secure Boot is enabled.",
+# queued upstream in efi.git/next
+Patch213: efi-x86-call-parse-options-from-efi-main.patch
+
 # 300 - ARM patches
 Patch300: arm64-Add-option-of-13-for-FORCE_MAX_ZONEORDER.patch
@@ -1863,6 +1867,9 @@ fi
 #
 #
 %changelog
+* Thu Sep 13 2018 Hans de Goede
+- Add patch silencing "EFI stub: UEFI Secure Boot is enabled." at boot
+
 * Wed Sep 12 2018 Jeremy Cline - 4.19.0-0.rc3.git1.1
 - Linux v4.19-rc3-21-g5e335542de83
 - Re-enable debugging options.
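Review bot: The added `efi_parse_options((char *)cmdline_paddr);` in the second eboot.c hunk hands a boot-loader-supplied address to the parser with no validation. If the loader left both `cmd_line_ptr` and `ext_cmd_line_ptr` at zero the stub parses whatever sits at address 0, and `efi_parse_options()` is not visible here to confirm it tolerates that; a guard such as `if (cmdline_paddr) efi_parse_options((char *)cmdline_paddr);` would cover it. `cmdline_paddr` is also `unsigned long`, so on a build where that type is 32 bits wide the `ext_cmd_line_ptr << 32` half is silently dropped and the stub would parse unrelated low memory; parsing should be skipped when the 64-bit value does not fit. The result of the call is discarded, which deserves a word in the comment if that is intentional. efi_main() starts and ends outside the hunk, and `hdr` is set outside the visible lines.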