[linux] 04/04: Complete forward-porting of "arm64: add kernel config option to set securelevel ..."

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Wed Apr 19 23:53:33 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit d85c3a332d728c7adff8c40aef5cd65bada5f24c
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Thu Apr 20 00:51:24 2017 +0100

    Complete forward-porting of "arm64: add kernel config option to set securelevel ..."
    
    efi_get_secureboot() now returns one of three enumerated values, not
    a boolean.  We need to either redefine the DT property the same way
    (risky unless we also rename it) or squash them into a boolean.
    Do the latter.
---
 ...arm64-add-kernel-config-option-to-set-securelevel-wh.patch | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
index 30403f3..10812f2 100644
--- a/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
+++ b/debian/patches/features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.patch
@@ -12,6 +12,8 @@ kernel using the FDT.
 Signed-off-by: Linn Crosetto <linn at hpe.com>
 [bwh: Forward-ported to 4.10: adjust context]
 [Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
+[bwh: Forward-ported to 4.11: convert result of efi_get_secureboot() to a
+ boolean]
 ---
 v2:
 
@@ -28,7 +30,7 @@ v2:
 
 --- a/arch/arm64/Kconfig
 +++ b/arch/arm64/Kconfig
-@@ -990,6 +990,19 @@ config EFI
+@@ -1033,6 +1033,19 @@ config EFI
  	  allow the kernel to be booted as an EFI application. This
  	  is only useful on systems that have UEFI firmware.
  
@@ -73,7 +75,7 @@ v2:
  		return;
 --- a/drivers/firmware/efi/efi.c
 +++ b/drivers/firmware/efi/efi.c
-@@ -612,7 +612,8 @@ static __initdata struct params fdt_para
+@@ -613,7 +613,8 @@ static __initdata struct params fdt_para
  	UEFI_PARAM("MemMap Address", "linux,uefi-mmap-start", mmap),
  	UEFI_PARAM("MemMap Size", "linux,uefi-mmap-size", mmap_size),
  	UEFI_PARAM("MemMap Desc. Size", "linux,uefi-mmap-desc-size", desc_size),
@@ -85,12 +87,13 @@ v2:
  static __initdata struct params xen_fdt_params[] = {
 --- a/drivers/firmware/efi/libstub/fdt.c
 +++ b/drivers/firmware/efi/libstub/fdt.c
-@@ -134,6 +134,13 @@ static efi_status_t update_fdt(efi_syste
+@@ -134,6 +134,14 @@ static efi_status_t update_fdt(efi_syste
  			return efi_status;
  		}
  	}
 +
-+	fdt_val32 = cpu_to_fdt32(efi_get_secureboot(sys_table));
++	fdt_val32 = cpu_to_fdt32(efi_get_secureboot(sys_table) !=
++				 efi_secureboot_mode_disabled);
 +	status = fdt_setprop(fdt, node, "linux,uefi-secure-boot",
 +			     &fdt_val32, sizeof(fdt_val32));
 +	if (status)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list