[PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Matthew Garrett
mjg59 at srcf.ucam.org
Sat Feb 12 19:42:40 UTC 2022

On Sat, Feb 12, 2022 at 05:53:47AM +0000, Aditya Garg wrote:
> Feb 12 11:01:52 MacBook kernel: Reading EFI variable db-d719b2cb-3d3a-4596-a3bc-dad00e67656f

Ok. With CONFIG_LOAD_UEFI_KEYS=n, can you run:

cat /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f

and see whether it generates the same failure? If so then my (handwavy)
guess is that something's going wrong with a firmware codepath for the
d719b2cb-3d3a-4596-a3bc-dad00e67656f GUID. Someone could potentially
then figure out whether the same happens under Windows, but the easiest
thing is probably to just return a failure on Apple hardware when
someone tries to access anything with that GUID.