On 9 January 2018 at 14:22, Daniel Kiper <daniel.kiper@xxxxxxxxxx> wrote: > Hi, > > Initialize UEFI secure boot state during dom0 boot. Otherwise the kernel > may not even know that it runs on secure boot enabled platform. > Hi Daniel, I must say, I am not too thrilled with the approach you have chosen here. #including .c files in other .c files, and using #defines to override C functions or other stub functionality is rather fragile. In particular, it means we have to start caring about not breaking Xen/x86 code when making modifications to the EFI stub, and that code is already difficult enough to maintain, given that it is shared between ARM, arm64 and x86, and runs either from the decompressor or the kernel proper (arm64) but in the context of the UEFI firmware. None of the stub code currently runs in ordinary kernel context. So please, could you try to find another way to do this? Thanks, Ard. > > arch/x86/xen/Makefile | 4 +++- > arch/x86/xen/efi.c | 14 +++++++++++++ > drivers/firmware/efi/libstub/secureboot-core.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > drivers/firmware/efi/libstub/secureboot.c | 66 +++++------------------------------------------------------ > 4 files changed, 99 insertions(+), 62 deletions(-) > > Daniel Kiper (4): > efi/stub: Extract efi_get_secureboot() to separate file > x86/xen/efi: Initialize boot_params.secure_boot in xen_efi_init() > efi: Tweak efi_get_secureboot() and its data section assignment > efi: Rename efi_get_secureboot() to __efi_get_secureboot() and make it static > -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html