On Sat, Aug 27, 2016 at 10:22:52PM +0100, Ben Hutchings wrote: > Control: tag -1 pending > > Applied, but: > > > > > --- a/drivers/firmware/efi/libstub/fdt.c > > +++ b/drivers/firmware/efi/libstub/fdt.c > > @@ -139,6 +139,13 @@ efi_status_t update_fdt(efi_system_table_t > > *sys_table, void *orig_fdt, > > return efi_status; > > } > > } > > + > > + fdt_val32 = efi_get_secureboot(sys_table); > > Shouldn't there be a cpu_to_fdt32() conversion here?
Yes. When setting securelevel the check to see if secure_boot is greater-than-zero behaves the same, but it should be byte-swapped to preserve the value returned by efi_get_secureboot(). I tested and validated the following change: @@ -140,7 +140,7 @@ efi_status_t update_fdt(efi_system_table_t *sys_table, void *orig_fdt, } } - fdt_val32 = efi_get_secureboot(sys_table); + fdt_val32 = cpu_to_fdt32(efi_get_secureboot(sys_table)); status = fdt_setprop(fdt, node, "linux,uefi-secure-boot", &fdt_val32, sizeof(fdt_val32)); if (status)
signature.asc
Description: Digital signature