Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp4153695ybe; Mon, 9 Sep 2019 05:13:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqyxiFwwnIUwJm3/9UyJaVX8LP0W2U0iq1CMtauFindf3+epYSbbzWnY9NIpA7tcmKXx7PE2 X-Received: by 2002:a17:906:b34a:: with SMTP id cd10mr19283974ejb.300.1568031190540; Mon, 09 Sep 2019 05:13:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568031190; cv=none; d=google.com; s=arc-20160816; b=hpDJs7QKH56bjB6IPwHmzN5JDRc5jDSN6xWfHYSGqfu3P0fttg5Bjh2EuhTrDox2T7 BNPffXOB9IUq8jrVDyPI9FafopPZFNyn2PDmIPeSNxkfCN+27cHp+aowBCbIdI4h28im jFbWyAU580J5oHRE0k+LguIKhvaSP4ToE1/UR/IkCewcdC+Bx2YZcd0Y73SfJHOCQS9K cSY0qhEpoYupPKBYkVni1xf/JBJzovR7DoRS709dr14UY1iICckqMqD6AJPmXeQYZPAH P4QzlPrDDEF7HogF6+tDeMX4NpojG70Hnm+WJBSIKT+C0ZabrAf2AOh6CPmn6pR608I1 xMag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=dbTvYVMP+NHjiA1V/eyBaya8N6C3or3btbXO8Ni5IBM=; b=MgioUV9xYNa8beana3WUccxHq6TEJULpP23JTluXhRjRuWoamN7JkyL15iAFSp0Pbj G6H/UWWDdpa2qxKj6WBr+EKPr5nhIcjO5d/BMmodF8Ib/Xnx6FyjRrzZqcoPXQ0kNTBH Kxt4wCB5bN5mq1zIrMIojsVW3SI/plxotqhdJjExyPP069si0ILPDmVonUsGEaWdBy3X 7+40kGip8D9k9a8I52VfUBg7tJ4YXMpKVLvUDBbIBJDYdc3y1aIwhX4qWC3gvZ6ZIgl0 bYX88lfWNwSqn3OVfxvueBO7zSBFY6RlIXE27Ool0gL9AdWjbY8q/2iQnRnDU6839/14 /02w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WuwVJPWE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m26si7348399eji.61.2019.09.09.05.12.33; Mon, 09 Sep 2019 05:13:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=WuwVJPWE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387487AbfIHMxK (ORCPT + 99 others); Sun, 8 Sep 2019 08:53:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:45930 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387448AbfIHMxI (ORCPT ); Sun, 8 Sep 2019 08:53:08 -0400 Received: from localhost (unknown [62.28.240.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C617E218AC; Sun, 8 Sep 2019 12:53:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567947188; bh=sMY8CX+ke/0X1cozkbi0shNM3husLo0be0Fv4RKdw+E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WuwVJPWELoSMcaN/5ZROyvgF3ZZElyCQV7Ki8O8pvPMh8F8r+wEmZtn+mCMVow5Ei /mxs2wVrfs3zqM07vzvUZ9GAJFo/GjMCuJgV9XSft1hRcvo28xYTAlTko5sWNPWJuK 3T8i2I8K6LjmivC8o9t1T1e3AF8xWW434nr85X1U= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "John S. Gruber" , Borislav Petkov , John Hubbard , "H. Peter Anvin" , Ingo Molnar , Juergen Gross , Mark Brown , Thomas Gleixner , x86-ml Subject: [PATCH 5.2 93/94] x86/boot: Preserve boot_params.secure_boot from sanitizing Date: Sun, 8 Sep 2019 13:42:29 +0100 Message-Id: <20190908121153.089539744@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190908121150.420989666@linuxfoundation.org> References: <20190908121150.420989666@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: John S. Gruber commit 29d9a0b50736768f042752070e5cdf4e4d4c00df upstream. Commit a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else") now zeroes the secure boot setting information (enabled/disabled/...) passed by the boot loader or by the kernel's EFI handover mechanism. The problem manifests itself with signed kernels using the EFI handoff protocol with grub and the kernel loses the information whether secure boot is enabled in the firmware, i.e., the log message "Secure boot enabled" becomes "Secure boot could not be determined". efi_main() arch/x86/boot/compressed/eboot.c sets this field early but it is subsequently zeroed by the above referenced commit. Include boot_params.secure_boot in the preserve field list. [ bp: restructure commit message and massage. ] Fixes: a90118c445cc ("x86/boot: Save fields explicitly, zero out everything else") Signed-off-by: John S. Gruber Signed-off-by: Borislav Petkov Reviewed-by: John Hubbard Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Juergen Gross Cc: Mark Brown Cc: stable Cc: Thomas Gleixner Cc: x86-ml Link: https://lkml.kernel.org/r/CAPotdmSPExAuQcy9iAHqX3js_fc4mMLQOTr5RBGvizyCOPcTQQ@mail.gmail.com Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/bootparam_utils.h | 1 + 1 file changed, 1 insertion(+) --- a/arch/x86/include/asm/bootparam_utils.h +++ b/arch/x86/include/asm/bootparam_utils.h @@ -70,6 +70,7 @@ static void sanitize_boot_params(struct BOOT_PARAM_PRESERVE(eddbuf_entries), BOOT_PARAM_PRESERVE(edd_mbr_sig_buf_entries), BOOT_PARAM_PRESERVE(edd_mbr_sig_buffer), + BOOT_PARAM_PRESERVE(secure_boot), BOOT_PARAM_PRESERVE(hdr), BOOT_PARAM_PRESERVE(e820_table), BOOT_PARAM_PRESERVE(eddbuf),