forked from pool/grub2
Michael Chang
a613dba873
- Update patches for Power guest secure boot with key management (jsc#PED-3520) (jsc#PED-9892) * 0001-ieee1275-adding-failure-check-condition-on-ibm-secur.patch * 0002-ieee1275-Platform-Keystore-PKS-Support.patch * 0003-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0004-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0005-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0006-powerpc_ieee1275-set-use_static_keys-flag.patch * 0007-appendedsig-Reads-the-default-DB-keys-from-ELF-Note.patch * 0008-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0009-appendedsig-documentation.patch - Remove patches * 0001-ieee1275-Platform-Keystore-PKS-Support.patch * 0002-ieee1275-Read-the-DB-and-DBX-secure-boot-variables.patch * 0003-appendedsig-The-creation-of-trusted-and-distrusted-l.patch * 0004-appendedsig-While-verifying-the-kernel-use-trusted-a.patch * 0005-appendedsig-The-grub-command-s-trusted-and-distruste.patch * 0006-appendedsig-documentation.patch OBS-URL: https://build.opensuse.org/request/show/1252188 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=534
57 lines
1.7 KiB
Diff
57 lines
1.7 KiB
Diff
From 5025c64afc876d91d3947ce07bb59ffe9af7209d Mon Sep 17 00:00:00 2001
|
|
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
|
|
Date: Tue, 25 Feb 2025 19:14:24 +0530
|
|
Subject: [PATCH 1/9] ieee1275: adding failure check condition on
|
|
/ibm,secure-boot
|
|
|
|
failure check condition is missing while finding device "/" and
|
|
get property "ibm,secure-boot". So, adding the failure check condition.
|
|
|
|
Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
|
|
---
|
|
grub-core/kern/ieee1275/init.c | 20 ++++++++++++++------
|
|
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c
|
|
index f86543da0d..0e1cbf24c3 100644
|
|
--- a/grub-core/kern/ieee1275/init.c
|
|
+++ b/grub-core/kern/ieee1275/init.c
|
|
@@ -987,12 +987,20 @@ grub_get_ieee1275_secure_boot (void)
|
|
int rc;
|
|
grub_uint32_t is_sb;
|
|
|
|
- grub_ieee1275_finddevice ("/", &root);
|
|
-
|
|
- rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &is_sb,
|
|
- sizeof (is_sb), 0);
|
|
+ if (grub_ieee1275_finddevice ("/", &root))
|
|
+ {
|
|
+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "couldn't find / node");
|
|
+ return;
|
|
+ }
|
|
|
|
- /* ibm,secure-boot:
|
|
+ rc = grub_ieee1275_get_integer_property (root, "ibm,secure-boot", &is_sb, sizeof (is_sb), 0);
|
|
+ if (rc < 0)
|
|
+ {
|
|
+ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "couldn't examine /ibm,secure-boot property");
|
|
+ return;
|
|
+ }
|
|
+ /*
|
|
+ * ibm,secure-boot:
|
|
* 0 - disabled
|
|
* 1 - audit
|
|
* 2 - enforce
|
|
@@ -1000,7 +1008,7 @@ grub_get_ieee1275_secure_boot (void)
|
|
*
|
|
* We only support enforce.
|
|
*/
|
|
- if (rc >= 0 && is_sb >= 2)
|
|
+ if (is_sb >= 2)
|
|
grub_lockdown ();
|
|
}
|
|
|
|
--
|
|
2.48.1
|
|
|