Trusty SRU - nova instances can't boot with 3.13.0-92
Tim Gardner
tim.gardner at canonical.com
Tue Aug 9 16:47:04 UTC 2016
http://bugs.launchpad.net/bugs/1608854
This backport is the result of an oversight made when applying UEFI
patches to support signed module enforcement in a secure boot
environment with a MOK variable override
(http://bugs.launchpad.net/bugs/1593075). Arm64 architecture support for
EFI did not exist in a vanilla v3.13 kernel, so I assumed I could simply
disable arm64 EFI support when I began to encounter compile issues with
the UEFI patches. However, I failed to remember that Dann Frazier had
done a partial backport sufficient to boot arm64 on an EFI platform.
Disabling arm64 EFI was kind of a goof and was not noticed by any of the
reviewers.
I've a few more comments in the bug report at
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1608854/comments/17
rtg
--
Tim Gardner tim.gardner at canonical.com
-------------- next part --------------
The following changes since commit af29983bbae30cfaf4124879b50cb12e68a84195:
powerpc/tm: Always reclaim in start_thread() for exec() class syscalls (2016-07-29 09:15:59 -0700)
are available in the git repository at:
git://kernel.ubuntu.com/rtg/ubuntu-trusty.git
for you to fetch changes up to bfba7f3e1d73db181f52d58494f22cb43e0a2722:
UBUNTU: SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility (2016-08-09 09:39:34 -0600)
----------------------------------------------------------------
Andrzej Zaborowski (1):
efi-pstore: Fix an overflow on 32-bit builds
Ard Biesheuvel (4):
efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
efi/arm64: efistub: remove local copy of linux_banner
arm64/efi: map the entire UEFI vendor string before reading it
arm64/efi: add missing call to early_ioremap_reset()
Borislav Petkov (9):
x86/efi: Simplify EFI_DEBUG
x86/efi: Runtime services virtual mapping
x86/efi: Check krealloc return value
x86/efi: Fix 32-bit fallout
x86/efi: Quirk out SGI UV
x86/efi: Dump the EFI page table
x86, pageattr: Export page unmapping interface
x86/efi: Make efi virtual runtime map passing more robust
x86/efi: Split efi_enter_virtual_mode
Bruno Prémont (1):
x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup()
Catalin Marinas (2):
efi: Fix compiler warnings (unused, const, type)
efi: fdt: Do not report an error during boot if UEFI is not available
Daeseok Youn (1):
efi: Use NULL instead of 0 for pointer
Dan Carpenter (2):
efi: Fix error handling in add_sysfs_runtime_map_entry()
efi: Small leak on error in runtime map code
Dave Young (8):
x86/efi: Remove unused variables in __map_region()
x86/efi: Add a wrapper function efi_map_region_fixed()
x86/efi: Fix off-by-one bug in EFI Boot Services reservation
x86/efi: Cleanup efi_enter_virtual_mode() function
efi: Export more EFI table variables to sysfs
efi: Export EFI runtime memory mapping to sysfs
x86/efi: Pass necessary EFI data for kexec via setup_data
x86/efi: parse_efi_setup() build fix
Dmitry Skorodumov (1):
x86/efi: Use all 64 bit of efi_memmap in setup_e820()
Fabian Frederick (1):
fs/efivarfs/super.c: use static const for dentry_operations
Geyslan G. Bem (1):
efivarfs: 'efivarfs_file_write' function reorganization
Guenter Roeck (1):
firmware: Do not use WARN_ON(!spin_is_locked())
H. Peter Anvin (1):
efi: x86: Handle arbitrary Unicode characters
Ingo Molnar (1):
efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
Joe Perches (1):
x86/efi: Style neatening
Josh Boyer (4):
UBUNTU: SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted
UBUNTU: SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
UBUNTU: SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot
UBUNTU: SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode
Leif Lindholm (2):
efi: efi-stub-helper cleanup
arm64: efi: only attempt efi map setup if booting via EFI
Madper Xie (1):
x86/efi: Delete out-of-date comments of efi_query_variable_store
Mark Salter (5):
efi: create memory map iteration helper
efi: add helper function to get UEFI params from FDT
arm64: add EFI runtime services
arm64: efi: add EFI stub
doc: arm64: add description of EFI stub support
Matt Fleming (29):
x86/efi: Delete superfluous global variables
x86/efi: Allow mapping BGRT on x86-32
x86/efi: Check status field to validate BGRT header
efi: Move facility flags to struct efi
efi: Set feature flags inside feature init functions
ia64/efi: Implement efi_enabled()
x86, tools: Consolidate #ifdef code
x86/efi: Delete dead code when checking for non-native
efi: Add separate 32-bit/64-bit definitions
x86/efi: Build our own EFI services pointer table
x86/efi: Add early thunk code to go from 64-bit to 32-bit
x86/efi: Firmware agnostic handover entry points
x86/efi: Wire up CONFIG_EFI_MIXED
x86/efi: Re-disable interrupts after calling firmware services
x86, tools: Fix up compiler warnings
x86/efi: Preserve segment registers in mixed mode
x86/efi: Rip out phys_efi_get_time()
x86/efi: Restore 'attr' argument to query_variable_info()
x86/efi: Delete most of the efi_call* macros
efivars: Use local variables instead of a pointer dereference
efivars: Check size of user object
efivars: Stop passing a struct argument to efivar_validate()
efivars: Refactor sanity checking code into separate function
efivars: Add compatibility code for compat tasks
x86/efi: Fix boot failure with EFI stub
x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down
efi/reboot: Add generic wrapper around EfiResetSystem()
x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
efi/reboot: Allow powering off machines using EFI
Matthew Garrett (9):
UBUNTU: SAUCE: UEFI: Add secure_modules() call
UBUNTU: SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled
UBUNTU: SAUCE: UEFI: x86: Lock down IO port access when module security is enabled
UBUNTU: SAUCE: UEFI: ACPI: Limit access to custom_method
UBUNTU: SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is restricted
UBUNTU: SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is restricted
UBUNTU: SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading restrictions
UBUNTU: SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted
UBUNTU: SAUCE: UEFI: Add option to automatically enforce module signatures when in Secure Boot mode
Peter Jones (3):
efi: Make our variable validation list include the guid
lib/ucs2_string: Add ucs2 -> utf8 helper functions
efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
Ricardo Neri (3):
x86/efi: Implement a __efi_call_virt macro
x86/efi: Save and restore FPU context around efi_calls (x86_64)
x86/efi: Save and restore FPU context around efi_calls (i386)
Ross Lagerwall (1):
efivarfs: Ensure VariableName is NUL-terminated
Roy Franz (5):
efi: Add shared printk wrapper for consistent prefixing
efi: Add get_dram_base() helper function
doc: efi-stub.txt updates for ARM
efi: Add shared FDT related functions for ARM/ARM64
x86/efi: Store upper bits of command line buffer address in ext_cmd_line_ptr
Semen Protsenko (1):
efi/arm64: Store Runtime Services revision
Silvan Jegen (1):
doc: Fix trivial spelling mistake in efi-stub.txt
Tim Gardner (56):
Revert "UBUNTU: SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility"
Revert "UBUNTU: SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl"
Revert "UBUNTU: SAUCE: UEFI: Display MOKSBState when disabled"
Revert "UBUNTU: SAUCE: UEFI: efi: Disable secure boot if shim is in insecure mode"
Revert "UBUNTU: SAUCE: UEFI MODSIGN: Import certificates from UEFI Secure Boot"
Revert "UBUNTU: SAUCE: UEFI: efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI"
Revert "UBUNTU: SAUCE: UEFI: Add option to automatically enforce module signatures when in Secure Boot mode"
Revert "UBUNTU: SAUCE: UEFI: x86: Restrict MSR access when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: kexec: Disable at runtime if the kernel enforces module loading restrictions"
Revert "UBUNTU: SAUCE: UEFI: acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: Restrict /dev/mem and /dev/kmem when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: asus-wmi: Restrict debugfs interface when module loading is restricted"
Revert "UBUNTU: SAUCE: UEFI: ACPI: Limit access to custom_method"
Revert "UBUNTU: SAUCE: UEFI: x86: Lock down IO port access when module security is enabled"
Revert "UBUNTU: SAUCE: UEFI: PCI: Lock down BAR access when module security is enabled"
Revert "UBUNTU: SAUCE: UEFI: Add secure_modules() call"
Revert "x86/efi: Fix boot failure with EFI stub"
Revert "x86/efi: Build our own EFI services pointer table"
Revert "efi: Add separate 32-bit/64-bit definitions"
Revert "efi: Disable interrupts around EFI calls, not in the epilog/prolog calls"
Revert "x86/efi: Use all 64 bit of efi_memmap in setup_e820()"
Revert "x86/efi: Store upper bits of command line buffer address in ext_cmd_line_ptr"
Revert "efivarfs: Ensure VariableName is NUL-terminated"
Revert "efi/libstub: Fix boundary checking in efi_high_alloc()"
Revert "arm64: efi: only attempt efi map setup if booting via EFI"
Revert "UBUNTU: arm64: Implement efi_enabled()"
Revert "efi/arm64: ignore dtb= when UEFI SecureBoot is enabled"
Revert "doc: arm64: add description of EFI stub support"
Revert "UBUNTU: Move get_dram_base to arm private file"
Revert "arm64: efi: add EFI stub"
Revert "arm64: add EFI runtime services"
Revert "efi: Add shared FDT related functions for ARM/ARM64"
Revert "efi: add helper function to get UEFI params from FDT"
Revert "doc: efi-stub.txt updates for ARM"
Revert "efi: Add get_dram_base() helper function"
Revert "efi: create memory map iteration helper"
Revert "x86, ia64: Move EFI_FB vga_default_device() initialization to pci_vga_fixup()"
Revert "firmware: Do not use WARN_ON(!spin_is_locked())"
Revert "efi-pstore: Fix an overflow on 32-bit builds"
Revert "x86/efi: Fix 32-bit fallout"
Revert "x86/efi: Check krealloc return value"
Revert "x86/efi: Runtime services virtual mapping"
Revert "x86/efi: Fix off-by-one bug in EFI Boot Services reservation"
UBUNTU: SAUCE: Merge tag 'efi-next' of git://git.kernel.org/.../mfleming/efi into x86/efi
UBUNTU: [Config] CONFIG_EFI_RUNTIME_MAP=y
UBUNTU: SAUCE: Merge tag 'v3.13-rc7' into x86/efi-kexec to resolve conflicts
UBUNTU: v3.14 - Bacported EFI up to v3.14
UBUNTU: [Config] CONFIG_EFI_MIXED=y
UBUNTU: SAUCE: Merge remote-tracking branch 'tip/x86/efi-mixed' into efi-for-mingo
UBUNTU: SAUCE: merge with v3.15
UBUNTU: SAUCE: merge with v3.16
UBUNTU: [Config] CONFIG_LIBFDT=y
UBUNTU: [Config] CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
UBUNTU: SAUCE: UEFI: Display MOKSBState when disabled
UBUNTU: SAUCE: UEFI: Add secure boot and MOK SB State disabled sysctl
UBUNTU: SAUCE: UEFI: Set EFI_SECURE_BOOT bit in x86_efi_facility
Yinghai Lu (1):
efi/libstub: Fix boundary checking in efi_high_alloc()
Documentation/ABI/testing/sysfs-firmware-efi | 20 +
.../ABI/testing/sysfs-firmware-efi-runtime-map | 34 +
Documentation/efi-stub.txt | 2 +-
arch/arm64/include/asm/efi.h | 1 -
arch/arm64/kernel/efi-stub.c | 8 -
arch/arm64/kernel/efi.c | 27 +-
arch/arm64/kernel/setup.c | 1 +
arch/ia64/kernel/efi.c | 7 +
arch/ia64/kernel/process.c | 2 +-
arch/ia64/pci/fixup.c | 21 +
arch/x86/Kconfig | 14 +
arch/x86/Kconfig.debug | 9 +
arch/x86/boot/Makefile | 2 +-
arch/x86/boot/compressed/eboot.c | 904 ++++++++++++++++-----
arch/x86/boot/compressed/efi_stub_64.S | 29 +
arch/x86/boot/compressed/head_32.S | 2 +-
arch/x86/boot/compressed/head_64.S | 64 +-
arch/x86/boot/header.S | 15 +-
arch/x86/boot/tools/build.c | 100 +--
arch/x86/include/asm/efi.h | 159 ++--
arch/x86/include/asm/pgtable_types.h | 2 +
arch/x86/include/uapi/asm/bootparam.h | 1 +
arch/x86/kernel/reboot.c | 26 +-
arch/x86/kernel/setup.c | 80 +-
arch/x86/mm/pageattr.c | 44 +-
arch/x86/pci/fixup.c | 21 +
arch/x86/platform/efi/Makefile | 1 +
arch/x86/platform/efi/early_printk.c | 83 +-
arch/x86/platform/efi/efi-bgrt.c | 12 +-
arch/x86/platform/efi/efi.c | 752 ++++++++++++-----
arch/x86/platform/efi/efi_32.c | 10 +-
arch/x86/platform/efi/efi_64.c | 389 ++++++++-
arch/x86/platform/efi/efi_stub_64.S | 247 ++++--
arch/x86/platform/efi/efi_thunk_64.S | 65 ++
arch/x86/platform/uv/bios_uv.c | 2 +-
block/partitions/efi.h | 9 +-
debian.master/config/amd64/config.common.amd64 | 1 -
debian.master/config/arm64/config.common.arm64 | 1 -
debian.master/config/config.common.ubuntu | 6 +
debian.master/config/i386/config.common.i386 | 1 -
drivers/firmware/efi/Kconfig | 11 +
drivers/firmware/efi/Makefile | 3 +-
drivers/firmware/efi/arm-stub.c | 39 +-
drivers/firmware/efi/efi-stub-helper.c | 187 +++--
drivers/firmware/efi/efi.c | 78 +-
drivers/firmware/efi/efivars.c | 221 +++--
drivers/firmware/efi/fdt.c | 12 +-
drivers/firmware/efi/reboot.c | 56 ++
drivers/firmware/efi/runtime-map.c | 181 +++++
drivers/firmware/efi/vars.c | 82 +-
fs/efivarfs/file.c | 13 +-
fs/efivarfs/super.c | 9 +-
include/linux/efi.h | 46 +-
include/linux/ucs2_string.h | 4 +
lib/ucs2_string.c | 62 ++
notes.txt | 1 +
56 files changed, 3217 insertions(+), 962 deletions(-)
create mode 100644 Documentation/ABI/testing/sysfs-firmware-efi
create mode 100644 Documentation/ABI/testing/sysfs-firmware-efi-runtime-map
create mode 100644 arch/x86/platform/efi/efi_thunk_64.S
create mode 100644 drivers/firmware/efi/reboot.c
create mode 100644 drivers/firmware/efi/runtime-map.c
create mode 100644 notes.txt
More information about the kernel-team
mailing list