diff options
author | David Howells <dhowells@redhat.com> | 2017-02-06 11:22:43 +0000 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2017-02-07 10:42:10 +0100 |
commit | de8cb458625c164bb3f93c4e415e479afce8fa9d (patch) | |
tree | 6da87e0a45c5d1e39bc5f46413123358734d8eba /Documentation/x86/zero-page.txt | |
parent | e58910cdc9f43cda2e52fcdf2fddbdc74e80b2f7 (diff) | |
download | op-kernel-dev-de8cb458625c164bb3f93c4e415e479afce8fa9d.zip op-kernel-dev-de8cb458625c164bb3f93c4e415e479afce8fa9d.tar.gz |
efi: Get and store the secure boot status
Get the firmware's secure-boot status in the kernel boot wrapper and stash
it somewhere that the main kernel image can find.
The efi_get_secureboot() function is extracted from the ARM stub and (a)
generalised so that it can be called from x86 and (b) made to use
efi_call_runtime() so that it can be run in mixed-mode.
For x86, it is stored in boot_params and can be overridden by the boot
loader or kexec. This allows secure-boot mode to be passed on to a new
kernel.
Suggested-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1486380166-31868-5-git-send-email-ard.biesheuvel@linaro.org
[ Small readability edits. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'Documentation/x86/zero-page.txt')
-rw-r--r-- | Documentation/x86/zero-page.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt index 95a4d34..b8527c6 100644 --- a/Documentation/x86/zero-page.txt +++ b/Documentation/x86/zero-page.txt @@ -31,6 +31,8 @@ Offset Proto Name Meaning 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below) 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer (below) +1EB/001 ALL kbd_status Numlock is enabled +1EC/001 ALL secure_boot Secure boot is enabled in the firmware 1EF/001 ALL sentinel Used to detect broken bootloaders 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table |