[PATCH v2 10/10] efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
Matt Fleming
matt at console-pimps.org
Tue Apr 29 04:28:49 PDT 2014
On Fri, 25 Apr, at 05:09:14PM, Leif Lindholm wrote:
> From: Ard Biesheuvel <ard.biesheuvel at linaro.org>
>
> Loading unauthenticated FDT blobs directly from storage is a security hazard,
> so this should only be allowed when running with UEFI Secure Boot disabled.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
> Signed-off-by: Leif Lindholm <leif.lindholm at linaro.org>
> ---
> drivers/firmware/efi/arm-stub.c | 39 +++++++++++++++++++++++++++++++++++----
> 1 file changed, 35 insertions(+), 4 deletions(-)
Acked-by: Matt Fleming <matt.fleming at intel.com>
--
Matt Fleming, Intel Open Source Technology Center
More information about the linux-arm-kernel
mailing list