nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0005-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch

8631a2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
8631a2
From: Peter Jones <pjones@redhat.com>
8631a2
Date: Tue, 6 Oct 2015 16:09:25 -0400
8631a2
Subject: [PATCH] Make any of the loaders that link in efi mode honor secure
8631a2
 boot.
8631a2
8631a2
And in this case "honor" means "even if somebody does link this in, they
8631a2
won't register commands if SB is enabled."
8631a2
8631a2
Signed-off-by: Peter Jones <pjones@redhat.com>
8631a2
---
8631a2
 grub-core/Makefile.core.def        |  1 +
8631a2
 grub-core/commands/iorw.c          |  7 +++++
8631a2
 grub-core/commands/memrw.c         |  7 +++++
8631a2
 grub-core/kern/dl.c                |  1 +
8631a2
 grub-core/kern/efi/efi.c           | 34 --------------------
8631a2
 grub-core/kern/efi/sb.c            | 64 ++++++++++++++++++++++++++++++++++++++
8631a2
 grub-core/loader/efi/appleloader.c |  7 +++++
8631a2
 grub-core/loader/efi/chainloader.c |  1 +
8631a2
 grub-core/loader/i386/bsd.c        |  7 +++++
8631a2
 grub-core/loader/i386/linux.c      |  7 +++++
8631a2
 grub-core/loader/i386/pc/linux.c   |  7 +++++
8631a2
 grub-core/loader/multiboot.c       |  7 +++++
8631a2
 grub-core/loader/xnu.c             |  7 +++++
8631a2
 include/grub/efi/efi.h             |  1 -
8631a2
 include/grub/efi/sb.h              | 29 +++++++++++++++++
8631a2
 include/grub/ia64/linux.h          |  0
8631a2
 include/grub/mips/linux.h          |  0
8631a2
 include/grub/powerpc/linux.h       |  0
8631a2
 include/grub/sparc64/linux.h       |  0
8631a2
 grub-core/Makefile.am              |  1 +
8631a2
 20 files changed, 153 insertions(+), 35 deletions(-)
8631a2
 create mode 100644 grub-core/kern/efi/sb.c
8631a2
 create mode 100644 include/grub/efi/sb.h
8631a2
 create mode 100644 include/grub/ia64/linux.h
8631a2
 create mode 100644 include/grub/mips/linux.h
8631a2
 create mode 100644 include/grub/powerpc/linux.h
8631a2
 create mode 100644 include/grub/sparc64/linux.h
8631a2
8631a2
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
09e3cc
index 0b4b0c212..e92a7ef32 100644
8631a2
--- a/grub-core/Makefile.core.def
8631a2
+++ b/grub-core/Makefile.core.def
8631a2
@@ -195,6 +195,7 @@ kernel = {
8631a2
   i386_multiboot = kern/i386/pc/acpi.c;
8631a2
   i386_coreboot = kern/acpi.c;
8631a2
   i386_multiboot = kern/acpi.c;
8631a2
+  common = kern/efi/sb.c;
8631a2
 
8631a2
   x86 = kern/i386/tsc.c;
8631a2
   x86 = kern/i386/tsc_pit.c;
8631a2
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
09e3cc
index a0c164e54..41a7f3f04 100644
8631a2
--- a/grub-core/commands/iorw.c
8631a2
+++ b/grub-core/commands/iorw.c
8631a2
@@ -23,6 +23,7 @@
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/cpu/io.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
8631a2
 
8631a2
 GRUB_MOD_INIT(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_read_byte =
8631a2
     grub_register_extcmd ("inb", grub_cmd_read, 0,
8631a2
 			  N_("PORT"), N_("Read 8-bit value from PORT."),
8631a2
@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw)
8631a2
 
8631a2
 GRUB_MOD_FINI(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_extcmd (cmd_read_byte);
8631a2
   grub_unregister_extcmd (cmd_read_word);
8631a2
   grub_unregister_extcmd (cmd_read_dword);
8631a2
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
09e3cc
index 98769eadb..088cbe9e2 100644
8631a2
--- a/grub-core/commands/memrw.c
8631a2
+++ b/grub-core/commands/memrw.c
8631a2
@@ -22,6 +22,7 @@
8631a2
 #include <grub/extcmd.h>
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
8631a2
 
8631a2
 GRUB_MOD_INIT(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_read_byte =
8631a2
     grub_register_extcmd ("read_byte", grub_cmd_read, 0,
8631a2
 			  N_("ADDR"), N_("Read 8-bit value from ADDR."),
8631a2
@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw)
8631a2
 
8631a2
 GRUB_MOD_FINI(memrw)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_extcmd (cmd_read_byte);
8631a2
   grub_unregister_extcmd (cmd_read_word);
8631a2
   grub_unregister_extcmd (cmd_read_dword);
8631a2
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
09e3cc
index 04e804d16..621070918 100644
8631a2
--- a/grub-core/kern/dl.c
8631a2
+++ b/grub-core/kern/dl.c
8631a2
@@ -32,6 +32,7 @@
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/cache.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 /* Platforms where modules are in a readonly area of memory.  */
8631a2
 #if defined(GRUB_MACHINE_QEMU)
8631a2
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
09e3cc
index 91129e335..708581fcb 100644
8631a2
--- a/grub-core/kern/efi/efi.c
8631a2
+++ b/grub-core/kern/efi/efi.c
8631a2
@@ -273,40 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
8631a2
   return NULL;
8631a2
 }
8631a2
 
8631a2
-grub_efi_boolean_t
8631a2
-grub_efi_secure_boot (void)
8631a2
-{
8631a2
-  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
8631a2
-  grub_size_t datasize;
8631a2
-  char *secure_boot = NULL;
8631a2
-  char *setup_mode = NULL;
8631a2
-  grub_efi_boolean_t ret = 0;
8631a2
-
8631a2
-  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
8631a2
-  if (datasize != 1 || !secure_boot)
8631a2
-    {
8631a2
-      grub_dprintf ("secureboot", "No SecureBoot variable\n");
8631a2
-      goto out;
8631a2
-    }
8631a2
-  grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
8631a2
-
8631a2
-  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
8631a2
-  if (datasize != 1 || !setup_mode)
8631a2
-    {
8631a2
-      grub_dprintf ("secureboot", "No SetupMode variable\n");
8631a2
-      goto out;
8631a2
-    }
8631a2
-  grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
8631a2
-
8631a2
-  if (*secure_boot && !*setup_mode)
8631a2
-    ret = 1;
8631a2
-
8631a2
- out:
8631a2
-  grub_free (secure_boot);
8631a2
-  grub_free (setup_mode);
8631a2
-  return ret;
8631a2
-}
8631a2
-
8631a2
 #pragma GCC diagnostic ignored "-Wcast-align"
8631a2
 
8631a2
 /* Search the mods section from the PE32/PE32+ image. This code uses
8631a2
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
8631a2
new file mode 100644
09e3cc
index 000000000..d74778b0c
8631a2
--- /dev/null
8631a2
+++ b/grub-core/kern/efi/sb.c
8631a2
@@ -0,0 +1,64 @@
8631a2
+/*
8631a2
+ *  GRUB  --  GRand Unified Bootloader
8631a2
+ *  Copyright (C) 2014 Free Software Foundation, Inc.
8631a2
+ *
8631a2
+ *  GRUB is free software: you can redistribute it and/or modify
8631a2
+ *  it under the terms of the GNU General Public License as published by
8631a2
+ *  the Free Software Foundation, either version 3 of the License, or
8631a2
+ *  (at your option) any later version.
8631a2
+ *
8631a2
+ *  GRUB is distributed in the hope that it will be useful,
8631a2
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
8631a2
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
8631a2
+ *  GNU General Public License for more details.
8631a2
+ *
8631a2
+ *  You should have received a copy of the GNU General Public License
8631a2
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
8631a2
+ */
8631a2
+
8631a2
+#include <grub/err.h>
8631a2
+#include <grub/mm.h>
8631a2
+#include <grub/types.h>
8631a2
+#include <grub/cpu/linux.h>
8631a2
+#include <grub/efi/efi.h>
8631a2
+#include <grub/efi/pe32.h>
8631a2
+#include <grub/efi/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
+
8631a2
+int
8631a2
+grub_efi_secure_boot (void)
8631a2
+{
8631a2
+#ifdef GRUB_MACHINE_EFI
8631a2
+  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
8631a2
+  grub_size_t datasize;
8631a2
+  char *secure_boot = NULL;
8631a2
+  char *setup_mode = NULL;
8631a2
+  grub_efi_boolean_t ret = 0;
8631a2
+
8631a2
+  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
8631a2
+  if (datasize != 1 || !secure_boot)
8631a2
+    {
8631a2
+      grub_dprintf ("secureboot", "No SecureBoot variable\n");
8631a2
+      goto out;
8631a2
+    }
8631a2
+  grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);
8631a2
+
8631a2
+  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
8631a2
+  if (datasize != 1 || !setup_mode)
8631a2
+    {
8631a2
+      grub_dprintf ("secureboot", "No SetupMode variable\n");
8631a2
+      goto out;
8631a2
+    }
8631a2
+  grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);
8631a2
+
8631a2
+  if (*secure_boot && !*setup_mode)
8631a2
+    ret = 1;
8631a2
+
8631a2
+ out:
8631a2
+  grub_free (secure_boot);
8631a2
+  grub_free (setup_mode);
8631a2
+  return ret;
8631a2
+#else
8631a2
+  return 0;
8631a2
+#endif
8631a2
+}
8631a2
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
09e3cc
index 74888c463..69c2a10d3 100644
8631a2
--- a/grub-core/loader/efi/appleloader.c
8631a2
+++ b/grub-core/loader/efi/appleloader.c
8631a2
@@ -24,6 +24,7 @@
8631a2
 #include <grub/misc.h>
8631a2
 #include <grub/efi/api.h>
8631a2
 #include <grub/efi/efi.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 #include <grub/command.h>
8631a2
 #include <grub/i18n.h>
8631a2
 
8631a2
@@ -227,6 +228,9 @@ static grub_command_t cmd;
8631a2
 
8631a2
 GRUB_MOD_INIT(appleloader)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
8631a2
 			       N_("[OPTS]"),
8631a2
 			       /* TRANSLATORS: This command is used on EFI to
8631a2
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
8631a2
 
8631a2
 GRUB_MOD_FINI(appleloader)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd);
8631a2
 }
8631a2
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
09e3cc
index af2189619..5cd9b6e08 100644
8631a2
--- a/grub-core/loader/efi/chainloader.c
8631a2
+++ b/grub-core/loader/efi/chainloader.c
8631a2
@@ -34,6 +34,7 @@
8631a2
 #include <grub/efi/disk.h>
8631a2
 #include <grub/efi/pe32.h>
8631a2
 #include <grub/efi/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 #include <grub/command.h>
8631a2
 #include <grub/i18n.h>
8631a2
 #include <grub/net.h>
8631a2
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
09e3cc
index 7f96515da..87709aa23 100644
8631a2
--- a/grub-core/loader/i386/bsd.c
8631a2
+++ b/grub-core/loader/i386/bsd.c
8631a2
@@ -38,6 +38,7 @@
8631a2
 #ifdef GRUB_MACHINE_PCBIOS
8631a2
 #include <grub/machine/int.h>
8631a2
 #endif
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -2124,6 +2125,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
8631a2
 
8631a2
 GRUB_MOD_INIT (bsd)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   /* Net and OpenBSD kernels are often compressed.  */
8631a2
   grub_dl_load ("gzio");
8631a2
 
8631a2
@@ -2163,6 +2167,9 @@ GRUB_MOD_INIT (bsd)
8631a2
 
8631a2
 GRUB_MOD_FINI (bsd)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_extcmd (cmd_freebsd);
8631a2
   grub_unregister_extcmd (cmd_openbsd);
8631a2
   grub_unregister_extcmd (cmd_netbsd);
8631a2
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
09e3cc
index f7186be40..c84747ea8 100644
8631a2
--- a/grub-core/loader/i386/linux.c
8631a2
+++ b/grub-core/loader/i386/linux.c
8631a2
@@ -35,6 +35,7 @@
8631a2
 #include <grub/i18n.h>
8631a2
 #include <grub/lib/cmdline.h>
8631a2
 #include <grub/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -1156,6 +1157,9 @@ static grub_command_t cmd_linux, cmd_initrd;
8631a2
 
8631a2
 GRUB_MOD_INIT(linux)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_linux = grub_register_command ("linux", grub_cmd_linux,
8631a2
 				     0, N_("Load Linux."));
8631a2
   cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
8631a2
@@ -1165,6 +1169,9 @@ GRUB_MOD_INIT(linux)
8631a2
 
8631a2
 GRUB_MOD_FINI(linux)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd_linux);
8631a2
   grub_unregister_command (cmd_initrd);
8631a2
 }
8631a2
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
09e3cc
index caa76bee8..783a3cd93 100644
8631a2
--- a/grub-core/loader/i386/pc/linux.c
8631a2
+++ b/grub-core/loader/i386/pc/linux.c
8631a2
@@ -35,6 +35,7 @@
8631a2
 #include <grub/i386/floppy.h>
8631a2
 #include <grub/lib/cmdline.h>
8631a2
 #include <grub/linux.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -480,6 +481,9 @@ static grub_command_t cmd_linux, cmd_linux16, cmd_initrd, cmd_initrd16;
8631a2
 
8631a2
 GRUB_MOD_INIT(linux16)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_linux =
8631a2
     grub_register_command ("linux", grub_cmd_linux,
8631a2
 			   0, N_("Load Linux."));
8631a2
@@ -497,6 +501,9 @@ GRUB_MOD_INIT(linux16)
8631a2
 
8631a2
 GRUB_MOD_FINI(linux16)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd_linux);
8631a2
   grub_unregister_command (cmd_linux16);
8631a2
   grub_unregister_command (cmd_initrd);
8631a2
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
09e3cc
index 40c67e824..26df46a41 100644
8631a2
--- a/grub-core/loader/multiboot.c
8631a2
+++ b/grub-core/loader/multiboot.c
8631a2
@@ -50,6 +50,7 @@
8631a2
 #include <grub/video.h>
8631a2
 #include <grub/memory.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -446,6 +447,9 @@ static grub_command_t cmd_multiboot, cmd_module;
8631a2
 
8631a2
 GRUB_MOD_INIT(multiboot)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_multiboot =
8631a2
 #ifdef GRUB_USE_MULTIBOOT2
8631a2
     grub_register_command ("multiboot2", grub_cmd_multiboot,
8631a2
@@ -466,6 +470,9 @@ GRUB_MOD_INIT(multiboot)
8631a2
 
8631a2
 GRUB_MOD_FINI(multiboot)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   grub_unregister_command (cmd_multiboot);
8631a2
   grub_unregister_command (cmd_module);
8631a2
 }
8631a2
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
09e3cc
index c9885b1bc..df8dfdb4b 100644
8631a2
--- a/grub-core/loader/xnu.c
8631a2
+++ b/grub-core/loader/xnu.c
8631a2
@@ -33,6 +33,7 @@
8631a2
 #include <grub/extcmd.h>
8631a2
 #include <grub/env.h>
8631a2
 #include <grub/i18n.h>
8631a2
+#include <grub/efi/sb.h>
8631a2
 
8631a2
 GRUB_MOD_LICENSE ("GPLv3+");
8631a2
 
8631a2
@@ -1469,6 +1470,9 @@ static grub_extcmd_t cmd_splash;
8631a2
 
8631a2
 GRUB_MOD_INIT(xnu)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
   cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
8631a2
 				      N_("Load XNU image."));
8631a2
   cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
8631a2
@@ -1509,6 +1513,9 @@ GRUB_MOD_INIT(xnu)
8631a2
 
8631a2
 GRUB_MOD_FINI(xnu)
8631a2
 {
8631a2
+  if (grub_efi_secure_boot())
8631a2
+    return;
8631a2
+
8631a2
 #ifndef GRUB_MACHINE_EMU
8631a2
   grub_unregister_command (cmd_resume);
8631a2
 #endif
8631a2
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
09e3cc
index 1061aee97..39480b386 100644
8631a2
--- a/include/grub/efi/efi.h
8631a2
+++ b/include/grub/efi/efi.h
8631a2
@@ -85,7 +85,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
8631a2
 				     const grub_efi_guid_t *guid,
8631a2
 				     void *data,
8631a2
 				     grub_size_t datasize);
8631a2
-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void);
8631a2
 int
8631a2
 EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
8631a2
 					     const grub_efi_device_path_t *dp2);
8631a2
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
8631a2
new file mode 100644
09e3cc
index 000000000..9629fbb0f
8631a2
--- /dev/null
8631a2
+++ b/include/grub/efi/sb.h
8631a2
@@ -0,0 +1,29 @@
8631a2
+/* sb.h - declare functions for EFI Secure Boot support */
8631a2
+/*
8631a2
+ *  GRUB  --  GRand Unified Bootloader
8631a2
+ *  Copyright (C) 2006,2007,2008,2009  Free Software Foundation, Inc.
8631a2
+ *
8631a2
+ *  GRUB is free software: you can redistribute it and/or modify
8631a2
+ *  it under the terms of the GNU General Public License as published by
8631a2
+ *  the Free Software Foundation, either version 3 of the License, or
8631a2
+ *  (at your option) any later version.
8631a2
+ *
8631a2
+ *  GRUB is distributed in the hope that it will be useful,
8631a2
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
8631a2
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
8631a2
+ *  GNU General Public License for more details.
8631a2
+ *
8631a2
+ *  You should have received a copy of the GNU General Public License
8631a2
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
8631a2
+ */
8631a2
+
8631a2
+#ifndef GRUB_EFI_SB_HEADER
8631a2
+#define GRUB_EFI_SB_HEADER	1
8631a2
+
8631a2
+#include <grub/types.h>
8631a2
+#include <grub/dl.h>
8631a2
+
8631a2
+/* Functions.  */
8631a2
+int EXPORT_FUNC (grub_efi_secure_boot) (void);
8631a2
+
8631a2
+#endif /* ! GRUB_EFI_SB_HEADER */
8631a2
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
8631a2
new file mode 100644
09e3cc
index 000000000..e69de29bb
8631a2
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
8631a2
new file mode 100644
09e3cc
index 000000000..e69de29bb
8631a2
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
8631a2
new file mode 100644
09e3cc
index 000000000..e69de29bb
8631a2
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
8631a2
new file mode 100644
09e3cc
index 000000000..e69de29bb
8631a2
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
09e3cc
index f4ff62b76..9c69aa886 100644
8631a2
--- a/grub-core/Makefile.am
8631a2
+++ b/grub-core/Makefile.am
8631a2
@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
8631a2
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
8631a2
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h