On Sat, Aug 27, 2016 at 10:22:52PM +0100, Ben Hutchings wrote:
> Control: tag -1 pending
>
> Applied, but:
>
> >
> > --- a/drivers/firmware/efi/libstub/fdt.c
> > +++ b/drivers/firmware/efi/libstub/fdt.c
> > @@ -139,6 +139,13 @@ efi_status_t update_fdt(efi_system_table_t
> > *sys_table, void *orig_fdt,
> > return efi_status;
> > }
> > }
> > +
> > + fdt_val32 = efi_get_secureboot(sys_table);
>
> Shouldn't there be a cpu_to_fdt32() conversion here?
Yes. When setting securelevel the check to see if secure_boot is
greater-than-zero behaves the same, but it should be byte-swapped to preserve
the value returned by efi_get_secureboot(). I tested and validated the
following change:
@@ -140,7 +140,7 @@ efi_status_t update_fdt(efi_system_table_t *sys_table, void *orig_fdt,
}
}
- fdt_val32 = efi_get_secureboot(sys_table);
+ fdt_val32 = cpu_to_fdt32(efi_get_secureboot(sys_table));
status = fdt_setprop(fdt, node, "linux,uefi-secure-boot",
&fdt_val32, sizeof(fdt_val32));
if (status)
Attachment:
signature.asc
Description: Digital signature