From: Michael Niewöhner <foss@mniewoehner.de>
Date: Wed, 20 Feb 2019 19:14:15 +0000 (+0100)
Subject: Revert "Set secure_boot flag in Kernel Zero-Page (#7482)"
X-Git-Tag: v242-rc1~270^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f7df68c11dfe1b4bdd35f03bbb246a351db4e76;p=thirdparty%2Fsystemd.git

Revert "Set secure_boot flag in Kernel Zero-Page (#7482)"

This reverts commit b4f9f2a62fd003a30a304a25b3b6ffc4048d0f24.

Revert this because a) the quiet bug is fixed in linux and b)
Documentation/boot.txt says "All other fields should be zero."
---

diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c
index 5b4c0858805..33d51dbd727 100644
--- a/src/boot/efi/linux.c
+++ b/src/boot/efi/linux.c
@@ -72,7 +72,7 @@ static VOID linux_efi_handover(EFI_HANDLE image, struct SetupHeader *setup) {
 EFI_STATUS linux_exec(EFI_HANDLE *image,
                       CHAR8 *cmdline, UINTN cmdline_len,
                       UINTN linux_addr,
-                      UINTN initrd_addr, UINTN initrd_size, BOOLEAN secure) {
+                      UINTN initrd_addr, UINTN initrd_size) {
         struct SetupHeader *image_setup;
         struct SetupHeader *boot_setup;
         EFI_PHYSICAL_ADDRESS addr;
@@ -95,17 +95,6 @@ EFI_STATUS linux_exec(EFI_HANDLE *image,
         CopyMem(boot_setup, image_setup, sizeof(struct SetupHeader));
         boot_setup->loader_id = 0xff;
 
-        if (secure) {
-                /* set secure boot flag in linux kernel zero page, see
-                   - Documentation/x86/zero-page.txt
-                   - arch/x86/include/uapi/asm/bootparam.h
-                   - drivers/firmware/efi/libstub/secureboot.c
-                   in the linux kernel source tree
-                   Possible values: 0 (unassigned), 1 (undetected), 2 (disabled), 3 (enabled)
-                */
-                boot_setup->boot_sector[0x1ec] = 3;
-        }
-
         boot_setup->code32_start = (UINT32)linux_addr + (image_setup->setup_secs+1) * 512;
 
         if (cmdline) {
diff --git a/src/boot/efi/linux.h b/src/boot/efi/linux.h
index 2458a2fbd07..4cae99773b8 100644
--- a/src/boot/efi/linux.h
+++ b/src/boot/efi/linux.h
@@ -4,4 +4,4 @@
 EFI_STATUS linux_exec(EFI_HANDLE *image,
                       CHAR8 *cmdline, UINTN cmdline_size,
                       UINTN linux_addr,
-                      UINTN initrd_addr, UINTN initrd_size, BOOLEAN secure);
+                      UINTN initrd_addr, UINTN initrd_size);
diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index 6b07879971c..2a60f38bf77 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -124,7 +124,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) {
 
         err = linux_exec(image, cmdline, cmdline_len,
                          (UINTN)loaded_image->ImageBase + addrs[1],
-                         (UINTN)loaded_image->ImageBase + addrs[2], szs[2], secure);
+                         (UINTN)loaded_image->ImageBase + addrs[2], szs[2]);
 
         graphics_mode(FALSE);
         Print(L"Execution of embedded linux image failed: %r\n", err);