[PATCH] efi: Suppress spurious "Couldn't get size" error
Ard Biesheuvel
ard.biesheuvel at linaro.org
Mon Feb 17 16:06:57 UTC 2020
On Mon, 17 Feb 2020 at 16:45, Takashi Iwai <tiwai at suse.de> wrote:
>
> The current efi code emits the error message like
> Couldn't get size: 0x800000000000000e
> on various Dell and other machines. Although the whole problem is the
> buggy firmware, showing this as an error level is rather annoying, as
> the error message appears over the boot splash. Basically this is the
> result of missing entry and we have no explicit way to fix it for such
> a firmware problem, the error message may be suppressed.
>
> This patch changes the error print condition and suppresses the error
> message if status is EFI_NOT_FOUND. It's a partial patch from the
> more comprehensive one Joey Lee submitted in the past.
>
> Link: https://lore.kernel.org/linux-efi/20190322103350.27764-2-jlee@suse.com/
> Cc: Joey Lee <jlee at suse.com>
> Signed-off-by: Takashi Iwai <tiwai at suse.de>
Hello Takashi,
Javier sent a more comprehensive fix for this today. The problem is
not buggy firmware, but buggy kernel :-)
(the code assumes that all systems boot via shim, and that certain EFI
variables are therefore guaranteed to exist, which is not the case)
https://lore.kernel.org/linux-efi/CAKv+Gu-a5Bo9i=K55pa3jEXRq-u5JYVGp1jFEE=UY5B=6eUkRQ@mail.gmail.com
--
Ard.
> ---
> security/integrity/platform_certs/load_uefi.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index 111898aad56e..8501ea62cb3e 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -44,7 +44,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
>
> status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
> if (status != EFI_BUFFER_TOO_SMALL) {
> - pr_err("Couldn't get size: 0x%lx\n", status);
> + if (status != EFI_NOT_FOUND)
> + pr_err("Couldn't get size: 0x%lx\n", status);
> return NULL;
> }
>
> --
> 2.16.4
>
More information about the Linux-security-module-archive
mailing list