[Fedora kexec-tools 6/7] kexec: Set secureboot info in bootparams
Vivek Goyal
vgoyal at redhat.com
Thu Sep 5 01:57:03 UTC 2013
If secureboot is enabled in first kernel, set secureboot in bootparam so
that it is enabled in second kernel too.
Signed-off-by: Vivek Goyal <vgoyal at redhat.com>
---
include/x86/x86-linux.h | 4 +++-
kexec/arch/i386/x86-linux-setup.c | 1 +
kexec/kexec.c | 2 +-
kexec/kexec.h | 2 ++
4 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/x86/x86-linux.h b/include/x86/x86-linux.h
index 5f8f4b6..bf4f8bb 100644
--- a/include/x86/x86-linux.h
+++ b/include/x86/x86-linux.h
@@ -121,7 +121,9 @@ struct x86_linux_param_header {
uint8_t e820_map_nr; /* 0x1e8 */
uint8_t eddbuf_entries; /* 0x1e9 */
uint8_t edd_mbr_sig_buf_entries; /* 0x1ea */
- uint8_t reserved6[6]; /* 0x1eb */
+ uint8_t kbd_status; /* 0x1eb */
+ uint8_t secure_boot; /* 0x1ec */
+ uint8_t reserved6[4]; /* 0x1ed */
uint8_t setup_sects; /* 0x1f1 */
uint16_t mount_root_rdonly; /* 0x1f2 */
uint16_t syssize; /* 0x1f4 */
diff --git a/kexec/arch/i386/x86-linux-setup.c b/kexec/arch/i386/x86-linux-setup.c
index 454fad6..e244821 100644
--- a/kexec/arch/i386/x86-linux-setup.c
+++ b/kexec/arch/i386/x86-linux-setup.c
@@ -120,6 +120,7 @@ void setup_linux_bootloader_parameters_high(
cmdline_ptr = ((char *)real_mode) + cmdline_offset;
memcpy(cmdline_ptr, cmdline, cmdline_len);
cmdline_ptr[cmdline_len - 1] = '\0';
+ real_mode->secure_boot = is_secureboot_enabled();
}
int setup_linux_vesafb(struct x86_linux_param_header *real_mode)
diff --git a/kexec/kexec.c b/kexec/kexec.c
index 7ebfa0b..47b905f 100644
--- a/kexec/kexec.c
+++ b/kexec/kexec.c
@@ -727,7 +727,7 @@ static int verify_signature(unsigned long keyring_id, char *data, off_t dlen,
* Ask running kernel to see if it needs /sbin/kexec to verify new kernel's
* signature.
*/
-static bool is_secureboot_enabled(void) {
+bool is_secureboot_enabled(void) {
int fd, ret;
char value = 0;
diff --git a/kexec/kexec.h b/kexec/kexec.h
index 715b568..ea345d2 100644
--- a/kexec/kexec.h
+++ b/kexec/kexec.h
@@ -7,6 +7,7 @@
#include <stdio.h>
#include <stdint.h>
#include <string.h>
+#include <stdbool.h>
#define USE_BSD
#include <byteswap.h>
#include <endian.h>
@@ -289,4 +290,5 @@ const char * proc_iomem(void);
char *concat_cmdline(const char *base, const char *append);
+extern bool is_secureboot_enabled(void);
#endif /* KEXEC_H */
--
1.8.3.1
More information about the kernel
mailing list