Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

From: Matthew Garrett
Date: Sat Feb 12 2022 - 14:42:54 EST

Next message: Wolfram Sang: "[PATCH] i2c: cadence: allow COMPILE_TEST"
Previous message: David Ahern: "Re: [PATCH v2] Generate netlink notification when default IPv6 route preference changes"
In reply to: Aditya Garg: "Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Next in thread: Aditya Garg: "Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Feb 12, 2022 at 05:53:47AM +0000, Aditya Garg wrote:

> Feb 12 11:01:52 MacBook kernel: Reading EFI variable db-d719b2cb-3d3a-4596-a3bc-dad00e67656f

Ok. With CONFIG_LOAD_UEFI_KEYS=n, can you run:

cat /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f

and see whether it generates the same failure? If so then my (handwavy)
guess is that something's going wrong with a firmware codepath for the
d719b2cb-3d3a-4596-a3bc-dad00e67656f GUID. Someone could potentially
then figure out whether the same happens under Windows, but the easiest
thing is probably to just return a failure on Apple hardware when
someone tries to access anything with that GUID.

Next message: Wolfram Sang: "[PATCH] i2c: cadence: allow COMPILE_TEST"
Previous message: David Ahern: "Re: [PATCH v2] Generate netlink notification when default IPv6 route preference changes"
In reply to: Aditya Garg: "Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Next in thread: Aditya Garg: "Re: [PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]