aboutsummaryrefslogtreecommitdiff
path: root/drivers/firmware/efi/mokvar-table.c
AgeCommit message (Collapse)AuthorFilesLines
2020-10-02efi: mokvar: add missing include of asm/early_ioremap.hArd Biesheuvel1-0/+2
Nathan reports that building the new mokvar table code for 32-bit ARM fails with errors such as error: implicit declaration of function 'early_memunmap' error: implicit declaration of function 'early_memremap' This is caused by the lack of an explicit #include of the appropriate header, and ARM apparently does not inherit that inclusion via another header file. So add the #include. Tested-by: Nathan Chancellor <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]>
2020-09-29efi: mokvar-table: fix some issues in new codeArd Biesheuvel1-14/+11
Fix a couple of issues in the new mokvar-table handling code, as pointed out by Arvind and Boris: - don't bother checking the end of the physical region against the start address of the mokvar table, - ensure that we enter the loop with err = -EINVAL, - replace size_t with unsigned long to appease pedantic type equality checks. Reviewed-by: Arvind Sankar <[email protected]> Reviewed-by: Lenny Szubowicz <[email protected]> Tested-by: Borislav Petkov <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]>
2020-09-16efi: Support for MOK variable config tableLenny Szubowicz1-0/+360
Because of system-specific EFI firmware limitations, EFI volatile variables may not be capable of holding the required contents of the Machine Owner Key (MOK) certificate store when the certificate list grows above some size. Therefore, an EFI boot loader may pass the MOK certs via a EFI configuration table created specifically for this purpose to avoid this firmware limitation. An EFI configuration table is a much more primitive mechanism compared to EFI variables and is well suited for one-way passage of static information from a pre-OS environment to the kernel. This patch adds initial kernel support to recognize, parse, and validate the EFI MOK configuration table, where named entries contain the same data that would otherwise be provided in similarly named EFI variables. Additionally, this patch creates a sysfs binary file for each EFI MOK configuration table entry found. These files are read-only to root and are provided for use by user space utilities such as mokutil. A subsequent patch will load MOK certs into the trusted platform key ring using this infrastructure. Signed-off-by: Lenny Szubowicz <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Ard Biesheuvel <[email protected]>
Powered by cgit, Gruvboxed by Blaster4385.