loader/linux: Report the UEFI Secure Boot status to the Linux kernel

Now that the GRUB has a grub_efi_get_secureboot() function to check the
UEFI Secure Boot status, use it to report that to the Linux kernel.

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 976af3fae873c0f26501eb402e45bce16ad305c6..d7e68658f43302f9f3c5b8805567d2c856e6d790 100644 (file)
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -46,6 +46,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 
 #ifdef GRUB_MACHINE_EFI
 #include <grub/efi/efi.h>
+#include <grub/efi/sb.h>
 #define HAS_VGA_TEXT 0
 #define DEFAULT_VIDEO_MODE "auto"
 #define ACCEPTS_PURE_TEXT 0
@@ -583,6 +584,9 @@ grub_linux_boot (void)
     grub_efi_uintn_t efi_desc_size;
     grub_size_t efi_mmap_target;
     grub_efi_uint32_t efi_desc_version;
+
+    ctx.params->secure_boot = grub_efi_get_secureboot ();
+
     err = grub_efi_finish_boot_services (&efi_mmap_size, efi_mmap_buf, NULL,
                                         &efi_desc_size, &efi_desc_version);
     if (err)
@@ -794,7 +798,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
 
   linux_params.code32_start = prot_mode_target + lh.code32_start - GRUB_LINUX_BZIMAGE_ADDR;
   linux_params.kernel_alignment = (1 << align);
-  linux_params.ps_mouse = linux_params.padding10 = 0;
+  linux_params.ps_mouse = linux_params.padding11 = 0;
   linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
 
   /* These two are used (instead of cmd_line_ptr) by older versions of Linux,

diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h
index 6da5f030fd18986390c73a377ce801ae960ce8dc..eddf9251d9a54d5c03a28ecac1e53dc640c14d5d 100644 (file)
--- a/include/grub/i386/linux.h
+++ b/include/grub/i386/linux.h
@@ -277,7 +277,11 @@ struct linux_kernel_params
 
   grub_uint8_t mmap_size;              /* 1e8 */
 
-  grub_uint8_t padding9[0x1f1 - 0x1e9];
+  grub_uint8_t padding9[0x1ec - 0x1e9];
+
+  grub_uint8_t secure_boot;             /* 1ec */
+
+  grub_uint8_t padding10[0x1f1 - 0x1ed];
 
   /* Linux setup header copy - BEGIN. */
   grub_uint8_t setup_sects;            /* The size of the setup in sectors */
@@ -288,7 +292,7 @@ struct linux_kernel_params
   grub_uint16_t vid_mode;              /* Video mode control */
   grub_uint16_t root_dev;              /* Default root device number */
 
-  grub_uint8_t padding10;              /* 1fe */
+  grub_uint8_t padding11;              /* 1fe */
   grub_uint8_t ps_mouse;               /* 1ff */
 
   grub_uint16_t jump;                  /* Jump instruction */