[PATCH v3] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Aditya Garg
gargaditya08 at live.com
Sun Feb 13 08:36:37 UTC 2022
>
> The T2 is represented by a PCI device with ID 106B:1802. I think it
> would be more elegant to sense presence of that device instead of
> hardcoding a long dmi list, i.e.:
>
> static bool apple_t2_present(void)
> {
> struct pci_dev *pdev;
>
> if (!x86_apple_machine)
> return false;
>
> pdev = pci_get_device(PCI_VENDOR_ID_APPLE, 0x1802, NULL);
> if (pdev) {
> pci_put_dev(pdev);
> return true;
> }
>
> return false;
> }
I’d rather prefer DMI cause :-
1. There are chances that some non T2 Macs may require this quirk as well. (After all we are talking about Apple)
2. There are slight chances that some non Apple Machines may require this as well
I also am not used to pci based quirks, making it a bit difficult for me to make a patch based on that :(.
The code length is anyways short now.
More information about the Linux-security-module-archive
mailing list