From: "tip-bot2 for John S. Gruber" <tip-bot2@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: "John S. Gruber" <JohnSGruber@gmail.com>,
	Borislav Petkov <bp@suse.de>, John Hubbard <jhubbard@nvidia.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Juergen Gross <jgross@suse.com>, Mark Brown <broonie@kernel.org>,
	stable <stable@vger.kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>, "x86-ml" <x86@kernel.org>,
	Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>,
	linux-kernel@vger.kernel.org
Subject: [tip: x86/urgent] x86/boot: Preserve boot_params.secure_boot from sanitizing
Date: Mon, 02 Sep 2019 08:17:10 -0000
Message-ID: <156741223005.17687.14072415887043895040.tip-bot2@tip-bot2>
In-Reply-To: <CAPotdmSPExAuQcy9iAHqX3js_fc4mMLQOTr5RBGvizyCOPcTQQ@mail.gmail.com>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     29d9a0b50736768f042752070e5cdf4e4d4c00df
Gitweb:        https://git.kernel.org/tip/29d9a0b50736768f042752070e5cdf4e4d4c00df
Author:        John S. Gruber <JohnSGruber@gmail.com>
AuthorDate:    Mon, 02 Sep 2019 00:00:54 +02:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 02 Sep 2019 09:17:45 +02:00

x86/boot: Preserve boot_params.secure_boot from sanitizing

Commit

  a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else")

now zeroes the secure boot setting information (enabled/disabled/...)
passed by the boot loader or by the kernel's EFI handover mechanism.

The problem manifests itself with signed kernels using the EFI handoff
protocol with grub and the kernel loses the information whether secure
boot is enabled in the firmware, i.e., the log message "Secure boot
enabled" becomes "Secure boot could not be determined".

efi_main() in arch/x86/boot/compressed/eboot.c sets this field early but it
is subsequently zeroed by the above referenced commit.

Include boot_params.secure_boot in the preserve field list.

 [ bp: restructure commit message and massage. ]

Fixes: a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else")
Signed-off-by: John S. Gruber <JohnSGruber@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: stable <stable@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/CAPotdmSPExAuQcy9iAHqX3js_fc4mMLQOTr5RBGvizyCOPcTQQ@mail.gmail.com
---
 arch/x86/include/asm/bootparam_utils.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h
index 9e5f3c7..981fe92 100644
--- a/arch/x86/include/asm/bootparam_utils.h
+++ b/arch/x86/include/asm/bootparam_utils.h
@@ -70,6 +70,7 @@ static void sanitize_boot_params(struct boot_params *boot_params)
 			BOOT_PARAM_PRESERVE(eddbuf_entries),
 			BOOT_PARAM_PRESERVE(edd_mbr_sig_buf_entries),
 			BOOT_PARAM_PRESERVE(edd_mbr_sig_buffer),
+			BOOT_PARAM_PRESERVE(secure_boot),
 			BOOT_PARAM_PRESERVE(hdr),
 			BOOT_PARAM_PRESERVE(e820_table),
 			BOOT_PARAM_PRESERVE(eddbuf),
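
Review bot: The added `BOOT_PARAM_PRESERVE(secure_boot),` entry carries no comment saying why the field has to survive sanitizing, and nothing in the list marks which entries are written before sanitize_boot_params() runs. The commit message says efi_main() sets secure_boot early and that everything not listed here is zeroed, so a missing entry fails silently: the only symptom reported was "Secure boot enabled" turning into "Secure boot could not be determined". A short comment on this entry naming efi_main() as the writer would make the dependency visible to the next person who edits the list. It is also worth checking in the same pass whether efi_main() or the boot loader fills in any other boot_params field ahead of this function that is still absent from the list, since it would be lost the same way.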
