
Blame SOURCES/0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch

8631a2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
8631a2
From: Peter Jones <pjones@redhat.com>
8631a2
Date: Tue, 6 Oct 2015 16:09:25 -0400
8631a2
Subject: [PATCH] Make any of the loaders that link in efi mode honor secure
8631a2
 boot.
8631a2
8631a2
And in this case "honor" means "even if somebody does link this in, they
8631a2
won't register commands if SB is enabled."
8631a2
8631a2
Signed-off-by: Peter Jones <pjones@redhat.com>
8631a2
---
8631a2
 grub-core/Makefile.core.def        |  1 +
8631a2
 grub-core/commands/iorw.c          |  7 +++++
8631a2
 grub-core/commands/memrw.c         |  7 +++++
8631a2
 grub-core/kern/dl.c                |  1 +
8631a2
 grub-core/kern/efi/efi.c           | 34 --------------------
8631a2
 grub-core/kern/efi/sb.c            | 64 ++++++++++++++++++++++++++++++++++++++
8631a2
 grub-core/loader/efi/appleloader.c |  7 +++++
8631a2
 grub-core/loader/efi/chainloader.c |  1 +
8631a2
 grub-core/loader/i386/bsd.c        |  7 +++++
8631a2
 grub-core/loader/i386/linux.c      |  7 +++++
8631a2
 grub-core/loader/i386/pc/linux.c   |  7 +++++
8631a2
 grub-core/loader/multiboot.c       |  7 +++++
8631a2
 grub-core/loader/xnu.c             |  7 +++++
8631a2
 include/grub/efi/efi.h             |  1 -
8631a2
 include/grub/efi/sb.h              | 29 +++++++++++++++++
8631a2
 include/grub/ia64/linux.h          |  0
8631a2
 include/grub/mips/linux.h          |  0
8631a2
 include/grub/powerpc/linux.h       |  0
8631a2
 include/grub/sparc64/linux.h       |  0
8631a2
 grub-core/Makefile.am              |  1 +
8631a2
 20 files changed, 153 insertions(+), 35 deletions(-)
8631a2
 create mode 100644 grub-core/kern/efi/sb.c
8631a2
 create mode 100644 include/grub/efi/sb.h
8631a2
 create mode 100644 include/grub/ia64/linux.h
8631a2
 create mode 100644 include/grub/mips/linux.h
8631a2
 create mode 100644 include/grub/powerpc/linux.h
8631a2
 create mode 100644 include/grub/sparc64/linux.h
8631a2
8631a2
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
8631a2
index 0b4b0c2122d..e92a7ef322f 100644
8631a2
--- a/grub-core/Makefile.core.def
8631a2
+++ b/grub-core/Makefile.core.def
8631a2
@@ -195,6 +195,7 @@ kernel = {
8631a2
   i386_multiboot = kern/i386/pc/acpi.c;
8631a2
   i386_coreboot = kern/acpi.c;
8631a2
   i386_multiboot = kern/acpi.c;
8631a2
+  common = kern/efi/sb.c;
8631a2
 
8631a2
   x86 = kern/i386/tsc.c;
8631a2
   x86 = kern/i386/tsc_pit.c;
8631a2
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
8631a2
index a0c164e54f0..41a7f3f0466 100644
8631a2
--- a/grub-core/commands/iorw.c
8631a2
+++ b/grub-core/commands/iorw.c
8631a2
@@ -23,6 +23,7 @@
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/cpu/io.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
8631a2
 
8631a2
 GRUB_MOD_INIT(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_read_byte =
8631a2
     grub_register_extcmd ("inb", grub_cmd_read, 0,
8631a2
 			  N_("PORT"), N_("Read 8-bit value from PORT."),
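Review bot: The early return added at the top of GRUB_MOD_INIT has no comment or debug output, so on a Secure Boot system `inb` and its sibling commands become unknown commands with nothing to explain why. A line such as `/* Port I/O commands must not be exposed while Secure Boot is enforced. */` above the check, and a `grub_dprintf ("secureboot", ...)` message before the `return`, would make the policy visible in the source and at runtime. The same applies to the INIT guards added in memrw.c, appleloader.c, bsd.c, i386/linux.c, i386/pc/linux.c, multiboot.c and xnu.c. The init body continues outside the hunk.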
8631a2
@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw)
8631a2
 
8631a2
 GRUB_MOD_FINI(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_extcmd (cmd_read_byte);
8631a2
   grub_unregister_extcmd (cmd_read_word);
8631a2
   grub_unregister_extcmd (cmd_read_dword);
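Review bot: The FINI guard calls `grub_efi_secure_boot()` again instead of remembering what INIT decided, so the two can disagree, because the function returns 0 whenever a variable read fails. If INIT skipped registration and FINI then sees 0, `grub_unregister_extcmd` runs on handles that were never assigned. In the opposite case the commands stay registered after the module is unloaded. Keying the teardown on the handle itself, e.g. `if (!cmd_read_byte) return;` (assuming the handles are zero-initialised file-scope statics), or caching the INIT result in a static flag, avoids both. The same pattern is repeated in the FINI hunks for memrw.c, appleloader.c, bsd.c, i386/linux.c, i386/pc/linux.c, multiboot.c and xnu.c, and the FINI body continues outside the hunk.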
8631a2
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
8631a2
index 98769eadb34..088cbe9e2bc 100644
8631a2
--- a/grub-core/commands/memrw.c
8631a2
+++ b/grub-core/commands/memrw.c
8631a2
@@ -22,6 +22,7 @@
8631a2
 #include <grub/extcmd.h>
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
8631a2
 
8631a2
 GRUB_MOD_INIT(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_read_byte =
8631a2
     grub_register_extcmd ("read_byte", grub_cmd_read, 0,
8631a2
 			  N_("ADDR"), N_("Read 8-bit value from ADDR."),
8631a2
@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw)
8631a2
 
8631a2
 GRUB_MOD_FINI(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_extcmd (cmd_read_byte);
8631a2
   grub_unregister_extcmd (cmd_read_word);
8631a2
   grub_unregister_extcmd (cmd_read_dword);
8631a2
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
8631a2
index 04e804d1668..621070918d4 100644
8631a2
--- a/grub-core/kern/dl.c
8631a2
+++ b/grub-core/kern/dl.c
8631a2
@@ -32,6 +32,7 @@
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/cache.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 /* Platforms where modules are in a readonly area of memory.  */
8631a2
 #if defined(GRUB_MACHINE_QEMU)
8631a2
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
8631a2
index 91129e33566..708581fcbde 100644
8631a2
--- a/grub-core/kern/efi/efi.c
8631a2
+++ b/grub-core/kern/efi/efi.c
8631a2
@@ -273,40 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
8631a2
   return NULL;
8631a2
 }
8631a2
 
8631a2
-grub_efi_boolean_t
8631a2
-grub_efi_secure_boot (void)
8631a2
-{
8631a2
-  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
8631a2
-  grub_size_t datasize;
8631a2
-  char *secure_boot = NULL;
8631a2
-  char *setup_mode = NULL;
8631a2
-  grub_efi_boolean_t ret = 0;
8631a2
-
8631a2
-  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
8631a2
-  if (datasize != 1 || !secure_boot)
8631a2
-    {
8631a2
-      grub_dprintf ("secureboot", "No SecureBoot variable\n");
8631a2
-      goto out;
8631a2
-    }
8631a2
-  grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
8631a2
-
8631a2
-  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
8631a2
-  if (datasize != 1 || !setup_mode)
8631a2
-    {
8631a2
-      grub_dprintf ("secureboot", "No SetupMode variable\n");
8631a2
-      goto out;
8631a2
-    }
8631a2
-  grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
8631a2
-
8631a2
-  if (*secure_boot && !*setup_mode)
8631a2
-    ret = 1;
8631a2
-
8631a2
- out:
8631a2
-  grub_free (secure_boot);
8631a2
-  grub_free (setup_mode);
8631a2
-  return ret;
8631a2
-}
8631a2
-
8631a2
 #pragma GCC diagnostic ignored "-Wcast-align"
8631a2
 
8631a2
 /* Search the mods section from the PE32/PE32+ image. This code uses
8631a2
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
8631a2
new file mode 100644
8631a2
index 00000000000..d74778b0cac
8631a2
--- /dev/null
8631a2
+++ b/grub-core/kern/efi/sb.c
8631a2
@@ -0,0 +1,64 @@
8631a2
+/*
8631a2
+ *  GRUB  --  GRand Unified Bootloader
8631a2
+ *  Copyright (C) 2014 Free Software Foundation, Inc.
8631a2
+ *
8631a2
+ *  GRUB is free software: you can redistribute it and/or modify
8631a2
+ *  it under the terms of the GNU General Public License as published by
8631a2
+ *  the Free Software Foundation, either version 3 of the License, or
8631a2
+ *  (at your option) any later version.
8631a2
+ *
8631a2
+ *  GRUB is distributed in the hope that it will be useful,
8631a2
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
8631a2
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
8631a2
+ *  GNU General Public License for more details.
8631a2
+ *
8631a2
+ *  You should have received a copy of the GNU General Public License
8631a2
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
8631a2
+ */
8631a2
+
8631a2
+#include <grub/err.h>
8631a2
+#include <grub/mm.h>
8631a2
+#include <grub/types.h>
8631a2
+#include <grub/cpu/linux.h>
8631a2
+#include <grub/efi/efi.h>
8631a2
+#include <grub/efi/pe32.h>
8631a2
+#include <grub/efi/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
+
8631a2
+int
8631a2
+grub_efi_secure_boot (void)
8631a2
+{
8631a2
+#ifdef GRUB_MACHINE_EFI
8631a2
+  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
8631a2
+  grub_size_t datasize;
8631a2
+  char *secure_boot = NULL;
8631a2
+  char *setup_mode = NULL;
8631a2
+  grub_efi_boolean_t ret = 0;
8631a2
+
8631a2
+  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
8631a2
+  if (datasize != 1 || !secure_boot)
8631a2
+    {
8631a2
+      grub_dprintf ("secureboot", "No SecureBoot variable\n");
8631a2
+      goto out;
8631a2
+    }
8631a2
+  grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
8631a2
+
8631a2
+  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
8631a2
+  if (datasize != 1 || !setup_mode)
8631a2
+    {
8631a2
+      grub_dprintf ("secureboot", "No SetupMode variable\n");
8631a2
+      goto out;
8631a2
+    }
8631a2
+  grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
8631a2
+
8631a2
+  if (*secure_boot && !*setup_mode)
8631a2
+    ret = 1;
8631a2
+
8631a2
+ out:
8631a2
+  grub_free (secure_boot);
8631a2
+  grub_free (setup_mode);
8631a2
+  return ret;
8631a2
+#else
8631a2
+  return 0;
8631a2
+#endif
8631a2
+}
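Review bot: Every error path in `grub_efi_secure_boot()` ends in `return 0`, and the module init guards added by this patch treat 0 as "register the commands", so a failed or wrongly sized read of `SecureBoot` or `SetupMode` switches the restriction off with only a `grub_dprintf` to show for it. Both `if (datasize != 1 || !secure_boot)` tests also read `datasize` before the pointer, which is an uninitialized read if `grub_efi_get_variable` can return NULL without storing a size (its body is outside this patch). `grub_size_t datasize = 0;` together with `if (!secure_boot || datasize != 1)` removes that doubt. The includes of `grub/cpu/linux.h`, `grub/efi/pe32.h` and `grub/efi/linux.h` look unused by this function, and the first appears to be why the empty `include/grub/*/linux.h` stubs are created for a file built as `common`.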
8631a2
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
8631a2
index 74888c463ba..69c2a10d351 100644
8631a2
--- a/grub-core/loader/efi/appleloader.c
8631a2
+++ b/grub-core/loader/efi/appleloader.c
8631a2
@@ -24,6 +24,7 @@
8631a2
 #include <grub/misc.h>
8631a2
 #include <grub/efi/api.h>
8631a2
 #include <grub/efi/efi.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 #include <grub/command.h>
8631a2
 #include <grub/i18n.h>
8631a2
 
8631a2
@@ -227,6 +228,9 @@ static grub_command_t cmd;
8631a2
 
8631a2
 GRUB_MOD_INIT(appleloader)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
8631a2
 			       N_("[OPTS]"),
8631a2
 			       /* TRANSLATORS: This command is used on EFI to
8631a2
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
8631a2
 
8631a2
 GRUB_MOD_FINI(appleloader)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd);
8631a2
 }
8631a2
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
8631a2
index af2189619a3..5cd9b6e08a8 100644
8631a2
--- a/grub-core/loader/efi/chainloader.c
8631a2
+++ b/grub-core/loader/efi/chainloader.c
8631a2
@@ -34,6 +34,7 @@
8631a2
 #include <grub/efi/disk.h>
8631a2
 #include <grub/efi/pe32.h>
8631a2
 #include <grub/efi/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 #include <grub/command.h>
8631a2
 #include <grub/i18n.h>
8631a2
 #include <grub/net.h>
8631a2
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
8631a2
index 7f96515da65..87709aa23e8 100644
8631a2
--- a/grub-core/loader/i386/bsd.c
8631a2
+++ b/grub-core/loader/i386/bsd.c
8631a2
@@ -38,6 +38,7 @@
8631a2
 #ifdef GRUB_MACHINE_PCBIOS
8631a2
 #include <grub/machine/int.h>
8631a2
 #endif
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -2124,6 +2125,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
8631a2
 
8631a2
 GRUB_MOD_INIT (bsd)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   /* Net and OpenBSD kernels are often compressed.  */
8631a2
   grub_dl_load ("gzio");
8631a2
 
8631a2
@@ -2163,6 +2167,9 @@ GRUB_MOD_INIT (bsd)
8631a2
 
8631a2
 GRUB_MOD_FINI (bsd)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_extcmd (cmd_freebsd);
8631a2
   grub_unregister_extcmd (cmd_openbsd);
8631a2
   grub_unregister_extcmd (cmd_netbsd);
8631a2
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
8631a2
index f7186be4002..c84747ea857 100644
8631a2
--- a/grub-core/loader/i386/linux.c
8631a2
+++ b/grub-core/loader/i386/linux.c
8631a2
@@ -35,6 +35,7 @@
8631a2
 #include <grub/i18n.h>
8631a2
 #include <grub/lib/cmdline.h>
8631a2
 #include <grub/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -1156,6 +1157,9 @@ static grub_command_t cmd_linux, cmd_initrd;
8631a2
 
8631a2
 GRUB_MOD_INIT(linux)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_linux = grub_register_command ("linux", grub_cmd_linux,
8631a2
 				     0, N_("Load Linux."));
8631a2
   cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
8631a2
@@ -1165,6 +1169,9 @@ GRUB_MOD_INIT(linux)
8631a2
 
8631a2
 GRUB_MOD_FINI(linux)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd_linux);
8631a2
   grub_unregister_command (cmd_initrd);
8631a2
 }
8631a2
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
8631a2
index caa76bee8af..783a3cd93bc 100644
8631a2
--- a/grub-core/loader/i386/pc/linux.c
8631a2
+++ b/grub-core/loader/i386/pc/linux.c
8631a2
@@ -35,6 +35,7 @@
8631a2
 #include <grub/i386/floppy.h>
8631a2
 #include <grub/lib/cmdline.h>
8631a2
 #include <grub/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -480,6 +481,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16;
8631a2
 
8631a2
 GRUB_MOD_INIT(linux16)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_linux =
8631a2
     grub_register_command ("linux", grub_cmd_linux,
8631a2
 			   0, N_("Load Linux."));
8631a2
@@ -497,6 +501,9 @@ GRUB_MOD_INIT(linux16)
8631a2
 
8631a2
 GRUB_MOD_FINI(linux16)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd_linux);
8631a2
   grub_unregister_command (cmd_linux16);
8631a2
   grub_unregister_command (cmd_initrd);
8631a2
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
8631a2
index 40c67e82489..26df46a4161 100644
8631a2
--- a/grub-core/loader/multiboot.c
8631a2
+++ b/grub-core/loader/multiboot.c
8631a2
@@ -50,6 +50,7 @@
8631a2
 #include <grub/video.h>
8631a2
 #include <grub/memory.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -446,6 +447,9 @@ static grub_command_t cmd_multiboot, cmd_module;
8631a2
 
8631a2
 GRUB_MOD_INIT(multiboot)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_multiboot =
8631a2
 #ifdef GRUB_USE_MULTIBOOT2
8631a2
     grub_register_command ("multiboot2", grub_cmd_multiboot,
8631a2
@@ -466,6 +470,9 @@ GRUB_MOD_INIT(multiboot)
8631a2
 
8631a2
 GRUB_MOD_FINI(multiboot)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd_multiboot);
8631a2
   grub_unregister_command (cmd_module);
8631a2
 }
8631a2
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
8631a2
index c9885b1bcd7..df8dfdb4ba0 100644
8631a2
--- a/grub-core/loader/xnu.c
8631a2
+++ b/grub-core/loader/xnu.c
8631a2
@@ -33,6 +33,7 @@
8631a2
 #include <grub/extcmd.h>
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -1469,6 +1470,9 @@ static grub_extcmd_t cmd_splash;
8631a2
 
8631a2
 GRUB_MOD_INIT(xnu)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
8631a2
 				      N_("Load XNU image."));
8631a2
   cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
8631a2
@@ -1509,6 +1513,9 @@ GRUB_MOD_INIT(xnu)
8631a2
 
8631a2
 GRUB_MOD_FINI(xnu)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
 #ifndef GRUB_MACHINE_EMU
8631a2
   grub_unregister_command (cmd_resume);
8631a2
 #endif
8631a2
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
8631a2
index 1061aee9726..39480b38674 100644
8631a2
--- a/include/grub/efi/efi.h
8631a2
+++ b/include/grub/efi/efi.h
8631a2
@@ -85,7 +85,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
8631a2
 				     const grub_efi_guid_t *guid,
8631a2
 				     void *data,
8631a2
 				     grub_size_t datasize);
8631a2
-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void);
8631a2
 int
8631a2
 EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
8631a2
 					     const grub_efi_device_path_t *dp2);
8631a2
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
8631a2
new file mode 100644
8631a2
index 00000000000..9629fbb0f9e
8631a2
--- /dev/null
8631a2
+++ b/include/grub/efi/sb.h
8631a2
@@ -0,0 +1,29 @@
8631a2
+/* sb.h - declare functions for EFI Secure Boot support */
8631a2
+/*
8631a2
+ *  GRUB  --  GRand Unified Bootloader
8631a2
+ *  Copyright (C) 2006,2007,2008,2009  Free Software Foundation, Inc.
8631a2
+ *
8631a2
+ *  GRUB is free software: you can redistribute it and/or modify
8631a2
+ *  it under the terms of the GNU General Public License as published by
8631a2
+ *  the Free Software Foundation, either version 3 of the License, or
8631a2
+ *  (at your option) any later version.
8631a2
+ *
8631a2
+ *  GRUB is distributed in the hope that it will be useful,
8631a2
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
8631a2
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
8631a2
+ *  GNU General Public License for more details.
8631a2
+ *
8631a2
+ *  You should have received a copy of the GNU General Public License
8631a2
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
8631a2
+ */
8631a2
+
8631a2
+#ifndef GRUB_EFI_SB_HEADER
8631a2
+#define GRUB_EFI_SB_HEADER	1
8631a2
+
8631a2
+#include <grub/types.h>
8631a2
+#include <grub/dl.h>
8631a2
+
8631a2
+/* Functions.  */
8631a2
+int EXPORT_FUNC (grub_efi_secure_boot) (void);
8631a2
+
8631a2
+#endif /* ! GRUB_EFI_SB_HEADER */
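Review bot: The only description of `grub_efi_secure_boot` in the new header is `/* Functions.  */`, which leaves every caller to guess the contract that this security gate relies on. Suggest placing `/* Return 1 only when SecureBoot is set and SetupMode is clear; return 0 otherwise, including on non-EFI builds and when either variable cannot be read. */` above the prototype. The return type also changes from `grub_efi_boolean_t` to `int` relative to the declaration removed from efi.h, which deserves a mention in the commit description.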
8631a2
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
8631a2
new file mode 100644
8631a2
index 00000000000..e69de29bb2d
8631a2
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
8631a2
new file mode 100644
8631a2
index 00000000000..e69de29bb2d
8631a2
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
8631a2
new file mode 100644
8631a2
index 00000000000..e69de29bb2d
8631a2
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
8631a2
new file mode 100644
8631a2
index 00000000000..e69de29bb2d
8631a2
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
8631a2
index f4ff62b769a..9c69aa88626 100644
8631a2
--- a/grub-core/Makefile.am
8631a2
+++ b/grub-core/Makefile.am
8631a2
@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
8631a2
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h