On 06.05.2025 18:25, Kevin Lampis wrote:
> --- a/xen/common/kernel.c
> +++ b/xen/common/kernel.c
> @@ -216,6 +216,9 @@ static void __init _cmdline_parse(const char *cmdline)
> */
> void __init cmdline_parse(const char *cmdline)
> {
> + /* Call this early since it affects command-line parsing */
> + lockdown_init(cmdline);
I can't spot the effect the comment mentions anywhere in this patch. Is the description perhaps lacking some detail? It's rather odd after all to see ...
> --- /dev/null
> +++ b/xen/common/lockdown.c
> @@ -0,0 +1,52 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +
> +#include <xen/efi.h>
> +#include <xen/kernel.h>
> +#include <xen/lockdown.h>
> +#include <xen/param.h>
> +#include <xen/string.h>
> +
> +static bool __ro_after_init lockdown = IS_ENABLED(CONFIG_LOCKDOWN_DEFAULT);
> +ignore_param("lockdown");
> +
> +bool is_locked_down(void)
> +{
> + return lockdown;
> +}
> +
> +void __init lockdown_init(const char *cmdline)
> +{
> + if ( efi_secure_boot )
> + {
> + printk("Enabling lockdown mode because Secure Boot is enabled\n");
> + lockdown = true;
> + }
> + else
> + {
> + while ( *cmdline )
> + {
> + size_t param_len, name_len;
> + int ret;
> +
> + cmdline += strspn(cmdline, " \n\r\t");
> + param_len = strcspn(cmdline, " \n\r\t");
> + name_len = strcspn(cmdline, "= \n\r\t");
... such custom token splitting ahead of normal command line handling.
Jan