1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
/* Core kernel secure boot support.
*
* Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public Licence
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/efi.h>
#include <linux/kernel.h>
#include <linux/printk.h>
#include <linux/security.h>
/*
* Decide what to do when UEFI secure boot mode is enabled.
*/
void __init efi_set_secure_boot(enum efi_secureboot_mode mode)
{
if (efi_enabled(EFI_BOOT)) {
switch (mode) {
case efi_secureboot_mode_disabled:
pr_info("Secure boot disabled\n");
break;
case efi_secureboot_mode_enabled:
set_bit(EFI_SECURE_BOOT, &efi.flags);
#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
lock_kernel_down("EFI Secure Boot",
LOCKDOWN_INTEGRITY_MAX);
#endif
pr_info("Secure boot enabled\n");
break;
default:
pr_warn("Secure boot could not be determined (mode %u)\n",
mode);
break;
}
}
}
|
