From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Wed, 29 Jan 2025 13:31:11 +0000 (+0000)
Subject: platform-intel: Disable legacy option ROM scan on UEFI machines
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1fc0f290caeb0720aa6c97177ab429953f5bf10f;p=thirdparty%2Fmdadm.git

platform-intel: Disable legacy option ROM scan on UEFI machines

The legacy option ROM memory range from 0xc0000-0xeffff is not defined
on UEFI machines so don't attempt to scan it. This avoids lockdown log
spam when Secure Boot is enabled (avoids use of /dev/mem).

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---

diff --git a/platform-intel.c b/platform-intel.c
index 95bc4929..270aef36 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -607,6 +607,7 @@ const struct imsm_orom *imsm_platform_test(struct sys_dev *hba)
 
 static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
 {
+	struct stat st;
 	unsigned long align;
 
 	if (check_env("IMSM_TEST_OROM"))
@@ -616,6 +617,10 @@ static const struct imsm_orom *find_imsm_hba_orom(struct sys_dev *hba)
 	if (check_env("IMSM_TEST_AHCI_EFI") || check_env("IMSM_TEST_SCU_EFI"))
 		return NULL;
 
+	/* Skip legacy option ROM scan when EFI booted */
+	if (stat("/sys/firmware/efi", &st) == 0 && S_ISDIR(st.st_mode))
+		return NULL;
+
 	find_intel_devices();
 
 	if (intel_devices == NULL)