[Fedora kexec-tools 6/7] kexec: Set secureboot info in bootparams

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

If secureboot is enabled in first kernel, set secureboot in bootparam so
that it is enabled in second kernel too.

Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---
 include/x86/x86-linux.h           | 4 +++-
 kexec/arch/i386/x86-linux-setup.c | 1 +
 kexec/kexec.c                     | 2 +-
 kexec/kexec.h                     | 2 ++
 4 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/x86/x86-linux.h b/include/x86/x86-linux.h
index 5f8f4b6..bf4f8bb 100644
--- a/include/x86/x86-linux.h
+++ b/include/x86/x86-linux.h
@@ -121,7 +121,9 @@ struct x86_linux_param_header {
 	uint8_t  e820_map_nr;			/* 0x1e8 */
 	uint8_t  eddbuf_entries;		/* 0x1e9 */
 	uint8_t  edd_mbr_sig_buf_entries;	/* 0x1ea */
-	uint8_t  reserved6[6];			/* 0x1eb */
+	uint8_t  kbd_status;			/* 0x1eb */
+	uint8_t  secure_boot;			/* 0x1ec */
+	uint8_t  reserved6[4];			/* 0x1ed */
 	uint8_t  setup_sects;			/* 0x1f1 */
 	uint16_t mount_root_rdonly;		/* 0x1f2 */
 	uint16_t syssize;			/* 0x1f4 */
diff --git a/kexec/arch/i386/x86-linux-setup.c b/kexec/arch/i386/x86-linux-setup.c
index 454fad6..e244821 100644
--- a/kexec/arch/i386/x86-linux-setup.c
+++ b/kexec/arch/i386/x86-linux-setup.c
@@ -120,6 +120,7 @@ void setup_linux_bootloader_parameters_high(
 	cmdline_ptr = ((char *)real_mode) + cmdline_offset;
 	memcpy(cmdline_ptr, cmdline, cmdline_len);
 	cmdline_ptr[cmdline_len - 1] = '\0';
+	real_mode->secure_boot = is_secureboot_enabled();
 }
 
 int setup_linux_vesafb(struct x86_linux_param_header *real_mode)
diff --git a/kexec/kexec.c b/kexec/kexec.c
index 7ebfa0b..47b905f 100644
--- a/kexec/kexec.c
+++ b/kexec/kexec.c
@@ -727,7 +727,7 @@ static int verify_signature(unsigned long keyring_id, char *data, off_t dlen,
  * Ask running kernel to see if it needs /sbin/kexec to verify new kernel's
  * signature.
  */
-static bool is_secureboot_enabled(void) {
+bool is_secureboot_enabled(void) {
 	int fd, ret;
 	char value = 0;
 
diff --git a/kexec/kexec.h b/kexec/kexec.h
index 715b568..ea345d2 100644
--- a/kexec/kexec.h
+++ b/kexec/kexec.h
@@ -7,6 +7,7 @@
 #include <stdio.h>
 #include <stdint.h>
 #include <string.h>
+#include <stdbool.h>
 #define USE_BSD
 #include <byteswap.h>
 #include <endian.h>
@@ -289,4 +290,5 @@ const char * proc_iomem(void);
 
 char *concat_cmdline(const char *base, const char *append);
 
+extern bool is_secureboot_enabled(void);
 #endif /* KEXEC_H */
-- 
1.8.3.1

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux