Re: [PATCH v2 10/10] efi/arm64: ignore dtb= when UEFI SecureBoot is enabled

On Fri, 25 Apr, at 05:09:14PM, Leif Lindholm wrote: > From: Ard Biesheuvel > > Loading unauthenticated FDT blobs directly from storage is a security hazard, > so this should only be allowed when running with UEFI Secure Boot disabled. > > Signed-off-by: Ard Biesheuvel > Signed-off-by: Leif Lind

[PATCH v2 10/10] efi/arm64: ignore dtb= when UEFI SecureBoot is enabled

From: Ard Biesheuvel Loading unauthenticated FDT blobs directly from storage is a security hazard, so this should only be allowed when running with UEFI Secure Boot disabled. Signed-off-by: Ard Biesheuvel Signed-off-by: Leif Lindholm --- drivers/firmware/efi/arm-stub.c | 39