kexec/uefi: copy secure_boot flag in boot params across kexec reboot (d3086227) · Commits · Summer2022 / 22b970497

Commit d3086227 authored 4 years ago by

Yang Yingliang

kexec/uefi: copy secure_boot flag in boot params across kexec reboot


hulk inclusion
category: bugfix
bugzilla: NA
CVE: CVE-2015-7837

---------------------------

Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load.  In this state, the system is missing the protections provided
by secure boot. Adding a patch to fix this by retain the secure_boot flag
in original kernel.

secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub. Fixing this issue by copying secure_boot flag across kexec reboot.

Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

parent 5834b79b

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 1 addition and 0 deletions

Please register or to comment