diff options
Diffstat (limited to 'src/boot/efi/linux.c')
-rw-r--r-- | src/boot/efi/linux.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c index 0dc99a6c53..e8f7651324 100644 --- a/src/boot/efi/linux.c +++ b/src/boot/efi/linux.c @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ /* * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published by @@ -84,7 +85,7 @@ static inline VOID linux_efi_handover(EFI_HANDLE image, struct SetupHeader *setu EFI_STATUS linux_exec(EFI_HANDLE *image, CHAR8 *cmdline, UINTN cmdline_len, UINTN linux_addr, - UINTN initrd_addr, UINTN initrd_size) { + UINTN initrd_addr, UINTN initrd_size, BOOLEAN secure) { struct SetupHeader *image_setup; struct SetupHeader *boot_setup; EFI_PHYSICAL_ADDRESS addr; @@ -107,6 +108,17 @@ EFI_STATUS linux_exec(EFI_HANDLE *image, CopyMem(boot_setup, image_setup, sizeof(struct SetupHeader)); boot_setup->loader_id = 0xff; + if (secure) { + /* set secure boot flag in linux kernel zero page, see + - Documentation/x86/zero-page.txt + - arch/x86/include/uapi/asm/bootparam.h + - drivers/firmware/efi/libstub/secureboot.c + in the linux kernel source tree + Possible values: 0 (unassigned), 1 (undetected), 2 (disabled), 3 (enabled) + */ + boot_setup->boot_sector[0x1ec] = 3; + } + boot_setup->code32_start = (UINT32)linux_addr + (image_setup->setup_secs+1) * 512; if (cmdline) { |