Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp2712573rwb; Sat, 6 Aug 2022 04:55:55 -0700 (PDT) X-Google-Smtp-Source: AA6agR7Ekd1eKRZ1zWcQa05Ve8hiYHb5ApcOGaC73ydgdlTEw3jHDbESqGkM2LTzhxyBkwuUFTQS X-Received: by 2002:a63:5c42:0:b0:412:b2e9:97e4 with SMTP id n2-20020a635c42000000b00412b2e997e4mr9336144pgm.36.1659786955763; Sat, 06 Aug 2022 04:55:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659786955; cv=none; d=google.com; s=arc-20160816; b=nTb4KZOQYKzRe/w97XgsDoWMIyAqVVsQsWl5wPo6QDpgXVV0Db6IKDqWlwBDXkx34G dIwLw6O4kykS77U4K8VurjQme4W6WYnIT1gHgLejRH2rLueuf2nh0V5GC4J88XrdnFlS HxXDR4uJqW9bD9qgsNQaNMoOR6zvMo6ohqAggdifIYn1TGJwMiYpkandLxWBENDougwF ek1RTI0EbZabLeXOLWvxdwYrh4lvZErCTXAps18WU9/SjBd13R99ULqwXbkAB8iSookk +Z4ikXVnjnr9Wqw5S3jPyh5xle+42HYwfJGGiCJRI7xDj5+HngxTNMQgd5oZnhNLrnCq nKSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :feedback-id:message-id:subject:reply-to:cc:from:to:dkim-signature :date; bh=DDaQcBxHbVdvNZavclAGBdmxiITV+EWaWcRqMUPt5p8=; b=O3Wrm9hF1LlsuWT6u1uX+gey4jGnT+4yFAm+PqRj3r1ynGSl5367uQb4FZ1pO7Kn+z DAO7YqFuNDTKykC/VQ2fSvunnJ95yip1keJ3IwFqcZ2SExyYYKoMpAgzfWWP4MoVlp9u d2GBjQ65RVkgGKq+t/vLG4Q4LUqQjHBvpo0E+7gv/KN6UrCIpOSd5rEmghq21B8fiY3e vx3JdDwInk3DEj8PXKgVLI18bOjH+PByGCFMeErtNnICwkNCtGSJ6lZS1I2TBHqvCXQ/ oa25dzlD5NYKuNPhefgZZLCrW4u+zygRKbwdVPrziL8zwUy/evsO0ffNk6Gs9kwa69Ft VACw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=BGrH2+qc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 10-20020a63174a000000b0041bdb3d303dsi5862152pgx.252.2022.08.06.04.55.39; Sat, 06 Aug 2022 04:55:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=BGrH2+qc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241807AbiHFLVJ (ORCPT + 99 others); Sat, 6 Aug 2022 07:21:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238569AbiHFLVI (ORCPT ); Sat, 6 Aug 2022 07:21:08 -0400 Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com [51.77.79.158]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E87E38B8; Sat, 6 Aug 2022 04:21:07 -0700 (PDT) Date: Sat, 06 Aug 2022 11:20:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1659784862; x=1660044062; bh=DDaQcBxHbVdvNZavclAGBdmxiITV+EWaWcRqMUPt5p8=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:Feedback-ID:From:To: Cc:Date:Subject:Reply-To:Feedback-ID:Message-ID; b=BGrH2+qcjrK0MP5HogcDJv73gftDl1EkjqxRPM6kXvzN86aRgi9OleJXcj4jqVAyr uQnODZHK6+WsXnBihCaLaMjAukgk06TdXzmxnnAbikVrljJdn1Ys9hht2RfaynCO82 eCRwVJHXTcCIcnPMi8uYPefUssQVA5LBfcE1BwRrV9gYP+P5HkktBeAah/mvcDct1h Hc0A9uzrYMVNQEJssCRIW1EbwtmSxMlw5P1nzlcXhWFiCkDjs/N3MTHoieC+k4tPym 3b3uUGo7xG51axne0JPaBceJdFfZys44URGC3X/xCV9Q6wSj/UfTPfK8FtxRp/9Fzb KTMA7+kwv51uw== To: linux-kernel@vger.kernel.org From: Orlando Chamberlain Cc: jarkko@kernel.org, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, gargaditya08@live.com, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, Orlando Chamberlain , stable@vger.kernel.org, Samuel Jiang Reply-To: Orlando Chamberlain Subject: [PATCH 1/1] efi: Correct Macmini capitalisation in uefi cert quirk Message-ID: <20220806111940.6950-1-redecorating@protonmail.com> Feedback-ID: 28131841:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It turns out Apple doesn't capitalise the "mini" in "Macmini", which is inconsistent with other model line names. Correct the capitalisation of Macmini in the quirk for skipping loading platform certs on T2 Macs. Currently users get: ------------[ cut here ]------------ [Firmware Bug]: Page fault caused by firmware at PA: 0xffffa30640054000 WARNING: CPU: 1 PID: 8 at arch/x86/platform/efi/quirks.c:735 efi_crash_grac= efully_on_page_fault+0x55/0xe0 Modules linked in: CPU: 1 PID: 8 Comm: kworker/u12:0 Not tainted 5.18.14-arch1-2-t2 #1 4535eb3= fc40fd08edab32a509fbf4c9bc52d111e Hardware name: Apple Inc. Macmini8,1/Mac-7BA5B2DFE22DDD8C, BIOS 1731.120.10= .0.0 (iBridge: 19.16.15071.0.0,0) 04/24/2022 Workqueue: efi_rts_wq efi_call_rts ... ---[ end trace 0000000000000000 ]--- efi: Froze efi_rts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list Fixes: 155ca952c7ca ("efi: Do not import certificates from UEFI Secure Boot= for T2 Macs") Cc: stable@vger.kernel.org Cc: Aditya Garg Tested-by: Samuel Jiang Signed-off-by: Orlando Chamberlain --- security/integrity/platform_certs/load_uefi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integ= rity/platform_certs/load_uefi.c index 093894a640dc..b78753d27d8e 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -31,7 +31,7 @@ static const struct dmi_system_id uefi_skip_cert[] =3D { =09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") }, =09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") }, =09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") }, -=09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") }, +=09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "Macmini8,1") }, =09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") }, =09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") }, =09{ UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") }, --=20 2.37.1