starlingx/integ
Code Issues Proposed changes
Files
e49374824fe4ff6ab3a7ea929e3daf7a73414988
integ/security/efitools/debian/bullseye/patches/0004-LockDown-disable-the-entrance-into-BIOS-setup.patch
Robert Church e49374824f Move packages into compliant distro/codename hierarchy 
This is a few tests of using the new distro/codename packaging hierarchy.

Changes include:
- Move base/base-passwd/debian to base/base-passwd/debian/bullseye as
  this patched package is specific to bullseye. Also add
  'revision.stx_patch: 9' to meta_data.yaml so that the .stx package
  version remains consistent.
- Move base/systemd-presets/debian to base/systemd-presets/debian/all as
  this packages should be the same for all flavors of debian.
- Move security/efitools/debian to security/efitools/debian/bullseye as
  this patched package is specific to bullseye. This also tests a
  package with src_files in the meta_data.yaml and requires an update
  once the package is relocated.

Test Plan:
 - PASS: stx-init-env --rebuild, downloader, build-pkgs -a, build-image

Prototype: Concurrent Builds in master

Change-Id: Id64f3619f2d52fb4ab4d1a9238ffe80808807d13
Depends-On: https://review.opendev.org/c/starlingx/root/+/946812
Story: NNNNNNN
Task: NNNNN
Signed-off-by: Robert Church <robert.church@windriver.com>
Signed-off-by: Scott Little <scott.little@windriver.com>
2025-07-09 14:57:56 -04:00

50 lines
1.6 KiB
Diff
Raw Blame History

From d3d22b8a9e415d343e58a2502cb4865e65ad21e1 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Wed, 15 Feb 2017 14:52:07 +0800
Subject: [PATCH 4/5] LockDown: disable the entrance into BIOS setup
Disable the entrance into BIOS setup to re-enable secure boot.
In most cases, this step is not necessary.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
[lz: Adapt git log and do some minor wording cleanups.]
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
LockDown.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/LockDown.c b/LockDown.c
index 090d48f..c8b89bd 100644
--- a/LockDown.c
+++ b/LockDown.c
@@ -19,6 +19,11 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
EFI_STATUS efi_status;
UINT8 SecureBoot, SetupMode;
UINTN DataSize = sizeof(SetupMode);
+ /* This controls whether it is required to enter BIOS setup in
+ * order to re-enable UEFI secure boot. This operation is unnecessary
+ * in most cases.
+ */
+ UINTN NeedSetAttempt = 0;
InitializeLib(image, systab);
@@ -104,12 +109,12 @@ efi_main (EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
* UEFI secure boot in BIOS setup.
*/
Print(L"Prepare to execute system warm reset after 3 seconds ...\n");
- if (!SecureBoot)
+ if (NeedSetAttempt && !SecureBoot)
Print(L"After warm reset, enter BIOS setup to enable UEFI Secure Boot.\n");
BS->Stall(3000000);
- if (!SecureBoot)
+ if (NeedSetAttempt && !SecureBoot)
SETOSIndicationsAndReboot(EFI_OS_INDICATIONS_BOOT_TO_FW_UI);
else
RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
--
2.17.1
View Git Blame Copy Permalink