[PATCH] Add fwupdate and Mok GUID's to the EFI variable immutable whitelist
From: Mario Limonciello
Date: Tue Mar 22 2016 - 17:47:54 EST
ed8b0de5a33d2a2557dce7f9429dca8cb5bc5879 caused all variables to be
immutable by default. This causes problems with userspace applications
mokutil and fwupdate.
---
drivers/firmware/efi/vars.c | 2 ++
include/linux/efi.h | 8 ++++++++
2 files changed, 10 insertions(+)
diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index 0ac594c..16bd2a9 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -199,6 +199,8 @@ static const struct variable_validate variable_validate[] = {
{ EFI_GLOBAL_VARIABLE_GUID, "PlatformLang", validate_ascii_string },
{ EFI_GLOBAL_VARIABLE_GUID, "Timeout", validate_uint16 },
{ LINUX_EFI_CRASH_GUID, "*", NULL },
+ { FWUPDATE_GUID, "fwupdate*", NULL },
+ { MOK_GUID, "Mok*", NULL },
{ NULL_GUID, "", NULL },
};
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 1626474..c882cb0 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -575,6 +575,14 @@ void efi_native_runtime_setup(void);
EFI_GUID(0x8be4df61, 0x93ca, 0x11d2, \
0xaa, 0x0d, 0x00, 0xe0, 0x98, 0x03, 0x2b, 0x8c)
+#define FWUPDATE_GUID \
+ EFI_GUID(0x0abba7dc, 0xe516, 0x4167, \
+ 0xbb, 0xf5, 0x4d, 0x9d, 0x1c, 0x73, 0x94, 0x16)
+
+#define MOK_GUID \
+ EFI_GUID(0x605dab50, 0xe046, 0x4300, \
+ 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
+
#define UV_SYSTEM_TABLE_GUID \
EFI_GUID(0x3b13a7d4, 0x633e, 0x11dd, \
0x93, 0xec, 0xda, 0x25, 0x56, 0xd8, 0x95, 0x93)
--
2.7.3