tree: https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git next
head: 2c603650ee23c4596f4852e43ae40e42a0c771e1
commit: 2c603650ee23c4596f4852e43ae40e42a0c771e1 [1/1] x86/xen/efi: Initialize
UEFI secure boot state during dom0 boot
reproduce:
# apt-get install sparse
git checkout 2c603650ee23c4596f4852e43ae40e42a0c771e1
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> arch/x86/xen/efi.c:133:35: sparse: incorrect type in argument 1 (different
>> type sizes) @@ expected unsigned short [usertype] *name @@ got ype]
>> *name @@
arch/x86/xen/efi.c:133:35: expected unsigned short [usertype] *name
arch/x86/xen/efi.c:133:35: got char *<noident>
arch/x86/xen/efi.c:143:35: sparse: incorrect type in argument 1 (different
type sizes) @@ expected unsigned short [usertype] *name @@ got ype] *name
@@
arch/x86/xen/efi.c:143:35: expected unsigned short [usertype] *name
arch/x86/xen/efi.c:143:35: got char *<noident>
arch/x86/xen/efi.c:154:35: sparse: incorrect type in argument 1 (different
type sizes) @@ expected unsigned short [usertype] *name @@ got ype] *name
@@
arch/x86/xen/efi.c:154:35: expected unsigned short [usertype] *name
arch/x86/xen/efi.c:154:35: got char *<noident>
vim +133 arch/x86/xen/efi.c
117
118 /*
119 * Determine whether we're in secure boot mode.
120 *
121 * Please keep the logic in sync with
122 * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
123 */
124 static enum efi_secureboot_mode xen_efi_get_secureboot(void)
125 {
126 static efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
127 static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
128 efi_status_t status;
129 u8 moksbstate, secboot, setupmode;
130 unsigned long size;
131
132 size = sizeof(secboot);
> 133 status = efi.get_variable(L"SecureBoot", &efi_variable_guid,
134 NULL, &size, &secboot);
135
136 if (status == EFI_NOT_FOUND)
137 return efi_secureboot_mode_disabled;
138
139 if (status != EFI_SUCCESS)
140 goto out_efi_err;
141
142 size = sizeof(setupmode);
143 status = efi.get_variable(L"SetupMode", &efi_variable_guid,
144 NULL, &size, &setupmode);
145
146 if (status != EFI_SUCCESS)
147 goto out_efi_err;
148
149 if (secboot == 0 || setupmode == 1)
150 return efi_secureboot_mode_disabled;
151
152 /* See if a user has put the shim into insecure mode. */
153 size = sizeof(moksbstate);
154 status = efi.get_variable(L"MokSBStateRT", &shim_guid,
155 NULL, &size, &moksbstate);
156
157 /* If it fails, we don't care why. Default to secure. */
158 if (status != EFI_SUCCESS)
159 goto secure_boot_enabled;
160
161 if (moksbstate == 1)
162 return efi_secureboot_mode_disabled;
163
164 secure_boot_enabled:
165 pr_info("UEFI Secure Boot is enabled.\n");
166 return efi_secureboot_mode_enabled;
167
168 out_efi_err:
169 pr_err("Could not determine UEFI Secure Boot status.\n");
170 return efi_secureboot_mode_unknown;
171 }
172
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
