platform-intel: Disable legacy option ROM scan on UEFI machines

The legacy option ROM memory range from 0xc0000-0xeffff is not defined
on UEFI machines so don't attempt to scan it. This avoids lockdown log
spam when Secure Boot is enabled (avoids use of /dev/mem).

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

diff --git a/platform-intel.c b/platform-intel.c
index 95bc4929e2c6a483591b9a62d62205c5750e4c81..270aef36ae9a37be43fc266bc56b4f9859c9bcd6 100644 (file)
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -607,6 +607,7 @@ const struct imsm_orom *imsm_platform_test(struct sys_dev *hba)
 
 static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
 {
+       struct stat st;
        unsigned long align;
 
        if (check_env("IMSM_TEST_OROM"))
@@ -616,6 +617,10 @@ static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
        if (check_env("IMSM_TEST_AHCI_EFI") || check_env("IMSM_TEST_SCU_EFI"))
                return NULL;
 
+       /* Skip legacy option ROM scan when EFI booted */
+       if (stat("/sys/firmware/efi", &st) == 0 && S_ISDIR(st.st_mode))
+               return NULL;
+
        find_intel_devices();
 
        if (intel_devices == NULL)