Date: Mon, 02 Sep 2019 08:17:10 -0000
From: "tip-bot2 for John S. Gruber"
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/boot: Preserve boot_params.secure_boot from sanitizing
Cc: "John S. Gruber", Borislav Petkov, John Hubbard, "H. Peter Anvin", Ingo Molnar, Juergen Gross, Mark Brown, stable, Thomas Gleixner, "x86-ml", Ingo Molnar, Borislav Petkov, linux-kernel@vger.kernel.org
Message-ID: <156741223005.17687.14072415887043895040.tip-bot2@tip-bot2>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     29d9a0b50736768f042752070e5cdf4e4d4c00df
Gitweb:        https://git.kernel.org/tip/29d9a0b50736768f042752070e5cdf4e4d4c00df
Author:        John S. Gruber
AuthorDate:    Mon, 02 Sep 2019 00:00:54 +02:00
Committer:     Borislav Petkov
CommitterDate: Mon, 02 Sep 2019 09:17:45 +02:00

x86/boot: Preserve boot_params.secure_boot from sanitizing

Commit a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else") now zeroes the secure boot setting information (enabled/disabled/...) passed by the boot loader or by the kernel's EFI handover mechanism.

The problem manifests itself with signed kernels using the EFI handoff protocol with grub and the kernel loses the information whether secure boot is enabled in the firmware, i.e., the log message "Secure boot enabled" becomes "Secure boot could not be determined".

efi_main() arch/x86/boot/compressed/eboot.c sets this field early but it is subsequently zeroed by the above referenced commit.
Include boot_params.secure_boot in the preserve field list. [ bp: restructure commit message and massage. ] Fixes: a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else") Signed-off-by: John S. Gruber Signed-off-by: Borislav Petkov Reviewed-by: John Hubbard Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Juergen Gross Cc: Mark Brown Cc: stable Cc: Thomas Gleixner Cc: x86-ml Link: https://lkml.kernel.org/r/CAPotdmSPExAuQcy9iAHqX3js_fc4mMLQOTr5RBGvizyCOPcTQQ@mail.gmail.com --- arch/x86/include/asm/bootparam_utils.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/bootparam_utils.h b/arch/x86/include/asm/bootparam_utils.h index 9e5f3c7..981fe92 100644 --- a/arch/x86/include/asm/bootparam_utils.h +++ b/arch/x86/include/asm/bootparam_utils.h @@ -70,6 +70,7 @@ static void sanitize_boot_params(struct boot_params *boot_params) BOOT_PARAM_PRESERVE(eddbuf_entries), BOOT_PARAM_PRESERVE(edd_mbr_sig_buf_entries), BOOT_PARAM_PRESERVE(edd_mbr_sig_buffer), + BOOT_PARAM_PRESERVE(secure_boot), BOOT_PARAM_PRESERVE(hdr), BOOT_PARAM_PRESERVE(e820_table), BOOT_PARAM_PRESERVE(eddbuf),
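Review bot: The added BOOT_PARAM_PRESERVE(secure_boot) entry in sanitize_boot_params() carries no comment explaining why the field has to survive sanitizing, so nothing in the list itself stops it from being dropped again in a later cleanup. A one-line comment beside the entry noting that efi_main() sets this field before sanitizing runs would record that dependency where the next editor will see it. Because the regression described in the commit message surfaced only as the log line changing from "Secure boot enabled" to "Secure boot could not be determined", it would also be worth checking which other boot_params fields the EFI handover path fills in before this function runs, since any field missing from the preserve list is zeroed just as quietly.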