On Mon, 23 Jan, at 10:11:43PM, David Howells wrote: > Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> wrote: > > > > (4) extract_kernel() calls sanitize_boot_params() which would otherwise clear > > > the secure-boot flag. > > > > The ->sentinel flag should be clear (because you zero'd boot_params on > > alloc), so the code inside of sanitize_boot_params() should never > > trigger for the secure boot case. > > But it *does* trigger, otherwise I wouldn't've noticed this. This looks like it's triggered because of a grub2 bug, if I'm reading the code correctly (big if). grub2 memcpy()'s 1024 bytes from the start of kernel image header into the allocated (and zeroed) boot_params object. Unfortunately, it should only be copying the second 512-byte chunk, not the first too. The boot loader should only fill out those fields in the first 512 bytes that it understands. Everything else should be zero, which allows us to add fields (and give them default non-zero values in the header) in the future without breaking old boot loaders. Something like this might fix it (not compiled tested). Could one of the grub2 folks take a look? ---->8---- diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c index 010bf98..fe5771e 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -269,7 +269,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), loaded=1; lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; - grub_memcpy (params, &lh, 2 * 512); + grub_memcpy (params, (grub_uint8_t *)&lh[512], 512); params->type_of_loader = 0x21; -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html