Re: [PATCH 4/6] efi: Get the secure boot status

From: Lukas Wunner
Date: Tue Nov 22 2016 - 15:29:35 EST

On Tue, Nov 22, 2016 at 02:47:27PM +0000, David Howells wrote:
> Lukas Wunner <lukas@xxxxxxxxx> wrote:
> > The "out_efi_err" portion differs from the previous version of this
> > patch. Setting a __u8 to a negative value, is this really what you
> > want?
> Eh? efi_get_secureboot() returns an int as before. The out_efi_err:
> portions are exactly the same:

By "the previous version of this patch" I was referring to your
submission of Nov 16, not the existing code in the kernel.
Your patch didn't contain the out_efi_err portion.

You're assigning a negative value to boot_params->secure_boot
(which is declared __u8).

In the next patch you're just checking if the value isn't 0
and you're considering secure boot to be enabled even though
GetVariable failed. Hence my question above, is this what
you want? Likely not, perhaps this is what you really want:

boot_params->secure_boot = (efi_get_secureboot() == 1);

Best regards,
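
The truncation discussed in this message, as an added example that is not part of the original thread or the kernel source. The stub, the struct and the -1 error value are assumptions (the message only says "a negative value"); `uint8_t` stands in for `__u8`.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; none of this is kernel code. */
enum sb_case { SB_DISABLED, SB_ENABLED, SB_GETVAR_FAILED };

struct demo_boot_params {
    uint8_t secure_boot;            /* same width as the __u8 field */
};

/* Assumed convention: 1 = enabled, 0 = disabled, negative = GetVariable failed. */
static int stub_get_secureboot(enum sb_case c)
{
    switch (c) {
    case SB_ENABLED:  return 1;
    case SB_DISABLED: return 0;
    default:          return -1;    /* hypothetical error value */
    }
}

/* Direct assignment: the int is converted modulo 256, so -1 is stored as 255. */
static uint8_t store_raw(enum sb_case c)
{
    struct demo_boot_params bp;
    bp.secure_boot = (uint8_t)stub_get_secureboot(c);
    return bp.secure_boot;
}

/* The form suggested in the message: only an explicit 1 counts as enabled. */
static uint8_t store_checked(enum sb_case c)
{
    struct demo_boot_params bp;
    bp.secure_boot = (stub_get_secureboot(c) == 1);
    return bp.secure_boot;
}

/* A consumer that only tests for nonzero, as the message describes. */
static int consumer_sees_enabled(uint8_t v) { return v != 0; }

int main(void)
{
    static const char *names[] = { "disabled", "enabled", "GetVariable failed" };
    for (int c = SB_DISABLED; c <= SB_GETVAR_FAILED; c++)
        printf("%-18s raw=%3u -> %d   checked=%u -> %d\n", names[c],
               store_raw(c), consumer_sees_enabled(store_raw(c)),
               store_checked(c), consumer_sees_enabled(store_checked(c)));
    return 0;
}
```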