2022-10-27 10:07:23

by Aditya Garg

[permalink] [raw]
Subject: [PATCH] efi: Add iMac Pro 2017 to uefi skip cert quirk

From: Aditya Garg <[email protected]>

The iMac Pro 2017 is also a T2 Mac. Thus add it to the list of uefi skip cert.

Cc: [email protected]
Signed-off-by: Aditya Garg <[email protected]>
---
security/integrity/platform_certs/load_uefi.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index b78753d27d8ea6..d1fdd113450a63 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -35,6 +35,7 @@ static const struct dmi_system_id uefi_skip_cert[] = {
{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") },
{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") },
{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMacPro1,1") },
{ }
};


2022-11-01 13:22:23

by Mimi Zohar

[permalink] [raw]
Subject: Re: [PATCH] efi: Add iMac Pro 2017 to uefi skip cert quirk

Hi Aditya,

On Thu, 2022-10-27 at 10:01 +0000, Aditya Garg wrote:
> From: Aditya Garg <[email protected]>
>
> The iMac Pro 2017 is also a T2 Mac. Thus add it to the list of uefi skip cert.
>
> Cc: [email protected]
> Signed-off-by: Aditya Garg <[email protected]>

I found this list of computers with the Apple T2 Security Chip -
https://support.apple.com/en-us/HT208862, but not a list that
correlates them to the system ID. With this update, is this the entire
list?

thanks,

Mimi

> ---
> security/integrity/platform_certs/load_uefi.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index b78753d27d8ea6..d1fdd113450a63 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -35,6 +35,7 @@ static const struct dmi_system_id uefi_skip_cert[] = {
> { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") },
> { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") },
> { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") },
> + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMacPro1,1") },
> { }
> };
>



2022-11-01 14:32:32

by Aditya Garg

[permalink] [raw]
Subject: Re: [PATCH] efi: Add iMac Pro 2017 to uefi skip cert quirk

Hi Mimi

> I found this list of computers with the Apple T2 Security Chip -
> https://support.apple.com/en-us/HT208862, but not a list that
> correlates them to the system ID. With this update, is this the entire
> list?

As per the link you sent me, the following are the system IDs of the T2 Macs mentioned in the list

1. iMac (Retina 5K, 27-inch, 2020) - iMac20,1, iMac20,2
2. iMac Pro - iMacPro1,1
3. Mac Pro (2019) - MacPro7,1
4. Mac Pro (Rack, 2019) - MacPro7,1
5. Mac mini (2018) - Macmini8,1
6. MacBook Air (Retina, 13-inch, 2020) - MacBookAir9,1
7. MacBook Air (Retina, 13-inch, 2019) - MacBookAir8,2
8. MacBook Air (Retina, 13-inch, 2018) - MacBookAir8,1
9. MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports) - MacBookPro16,3
10. MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports) - MacBookPro16,2
11. MacBook Pro (16-inch, 2019) - MacBookPro16,1, MacBookPro16,4
12. MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports) - MacBookPro15,4
13. MacBook Pro (15-inch, 2019) - MacBookPro15,1, MacBookPro15,3
14. MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports) - MacBookPro15,2
15. MacBook Pro (15-inch, 2018) - MacBookPro15,1
16. MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports) - MacBookPro15,2

The system IDs of the Macs can be seen from official Apple’s documentation form the links below :-

https://support.apple.com/en-in/HT201634 - For iMac
https://support.apple.com/en-in/HT202888 - For Mac Pro
https://support.apple.com/en-in/HT201894 - For Mac mini
https://support.apple.com/en-in/HT201862 - For MacBook Air
https://support.apple.com/en-in/HT201300 - For MacBook Pro

After cross-checking only iMacPro1,1 seems to be missing.

Thanks
Aditya

2022-11-01 21:16:44

by Mimi Zohar

[permalink] [raw]
Subject: Re: [PATCH] efi: Add iMac Pro 2017 to uefi skip cert quirk

Hi Aditya,

On Tue, 2022-11-01 at 14:06 +0000, Aditya Garg wrote:
> Hi Mimi
>
> > I found this list of computers with the Apple T2 Security Chip -
> > https://support.apple.com/en-us/HT208862, but not a list that
> > correlates them to the system ID. With this update, is this the entire
> > list?
>
> As per the link you sent me, the following are the system IDs of the T2 Macs mentioned in the list
>
> 1. iMac (Retina 5K, 27-inch, 2020) - iMac20,1, iMac20,2
> 2. iMac Pro - iMacPro1,1
> 3. Mac Pro (2019) - MacPro7,1
> 4. Mac Pro (Rack, 2019) - MacPro7,1
> 5. Mac mini (2018) - Macmini8,1
> 6. MacBook Air (Retina, 13-inch, 2020) - MacBookAir9,1
> 7. MacBook Air (Retina, 13-inch, 2019) - MacBookAir8,2
> 8. MacBook Air (Retina, 13-inch, 2018) - MacBookAir8,1
> 9. MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports) - MacBookPro16,3
> 10. MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports) - MacBookPro16,2
> 11. MacBook Pro (16-inch, 2019) - MacBookPro16,1, MacBookPro16,4
> 12. MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports) - MacBookPro15,4
> 13. MacBook Pro (15-inch, 2019) - MacBookPro15,1, MacBookPro15,3
> 14. MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports) - MacBookPro15,2
> 15. MacBook Pro (15-inch, 2018) - MacBookPro15,1
> 16. MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports) - MacBookPro15,2
>
> The system IDs of the Macs can be seen from official Apple’s documentation form the links below :-
>
> https://support.apple.com/en-in/HT201634 - For iMac
> https://support.apple.com/en-in/HT202888 - For Mac Pro
> https://support.apple.com/en-in/HT201894 - For Mac mini
> https://support.apple.com/en-in/HT201862 - For MacBook Air
> https://support.apple.com/en-in/HT201300 - For MacBook Pro
>
> After cross-checking only iMacPro1,1 seems to be missing.

Thank you for double checking. The patch is now queued in next-
integrity.

Mimi