Blame SOURCES/0221-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch

4fe85b
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
4fe85b
From: Peter Jones <pjones@redhat.com>
4fe85b
Date: Tue, 6 Oct 2015 16:09:25 -0400
4fe85b
Subject: [PATCH] Make any of the loaders that link in efi mode honor secure
4fe85b
 boot.
4fe85b
4fe85b
And in this case "honor" means "even if somebody does link this in, they
4fe85b
won't register commands if SB is enabled."
4fe85b
4fe85b
Signed-off-by: Peter Jones <pjones@redhat.com>
4fe85b
---
4fe85b
 grub-core/Makefile.core.def        |  2 ++
4fe85b
 grub-core/commands/iorw.c          |  7 +++++
4fe85b
 grub-core/commands/memrw.c         |  7 +++++
4fe85b
 grub-core/kern/efi/efi.c           | 28 ------------------
4fe85b
 grub-core/kern/efi/sb.c            | 58 ++++++++++++++++++++++++++++++++++++++
4fe85b
 grub-core/loader/efi/appleloader.c |  7 +++++
4fe85b
 grub-core/loader/efi/chainloader.c |  1 +
4fe85b
 grub-core/loader/i386/bsd.c        |  7 +++++
4fe85b
 grub-core/loader/i386/linux.c      |  7 +++++
4fe85b
 grub-core/loader/i386/pc/linux.c   |  7 +++++
4fe85b
 grub-core/loader/multiboot.c       |  7 +++++
4fe85b
 grub-core/loader/xnu.c             |  7 +++++
4fe85b
 include/grub/efi/efi.h             |  1 -
4fe85b
 include/grub/efi/sb.h              | 29 +++++++++++++++++++
4fe85b
 include/grub/ia64/linux.h          |  0
4fe85b
 include/grub/mips/linux.h          |  0
4fe85b
 include/grub/powerpc/linux.h       |  0
4fe85b
 include/grub/sparc64/linux.h       |  0
4fe85b
 grub-core/Makefile.am              |  1 +
4fe85b
 19 files changed, 147 insertions(+), 29 deletions(-)
4fe85b
 create mode 100644 grub-core/kern/efi/sb.c
4fe85b
 create mode 100644 include/grub/efi/sb.h
4fe85b
 create mode 100644 include/grub/ia64/linux.h
4fe85b
 create mode 100644 include/grub/mips/linux.h
4fe85b
 create mode 100644 include/grub/powerpc/linux.h
4fe85b
 create mode 100644 include/grub/sparc64/linux.h
4fe85b
4fe85b
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
4fe85b
index 4fc74393335..b340ceeec7f 100644
4fe85b
--- a/grub-core/Makefile.core.def
4fe85b
+++ b/grub-core/Makefile.core.def
4fe85b
@@ -175,6 +175,8 @@ kernel = {
4fe85b
   efi = term/efi/console.c;
4fe85b
   efi = lib/envblk.c;
4fe85b
 
4fe85b
+  common = kern/efi/sb.c;
4fe85b
+
4fe85b
   x86 = kern/i386/tsc.c;
4fe85b
 
4fe85b
   i386_efi = kern/i386/efi/init.c;
4fe85b
diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
4fe85b
index a0c164e54f0..41a7f3f0466 100644
4fe85b
--- a/grub-core/commands/iorw.c
4fe85b
+++ b/grub-core/commands/iorw.c
4fe85b
@@ -23,6 +23,7 @@
4fe85b
 #include <grub/env.h>
4fe85b
 #include <grub/cpu/io.h>
4fe85b
 #include <grub/i18n.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
4fe85b
 
4fe85b
 GRUB_MOD_INIT(memrw)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd_read_byte =
4fe85b
     grub_register_extcmd ("inb", grub_cmd_read, 0,
4fe85b
 			  N_("PORT"), N_("Read 8-bit value from PORT."),
4fe85b
@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(memrw)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_extcmd (cmd_read_byte);
4fe85b
   grub_unregister_extcmd (cmd_read_word);
4fe85b
   grub_unregister_extcmd (cmd_read_dword);
4fe85b
diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
4fe85b
index 98769eadb34..088cbe9e2bc 100644
4fe85b
--- a/grub-core/commands/memrw.c
4fe85b
+++ b/grub-core/commands/memrw.c
4fe85b
@@ -22,6 +22,7 @@
4fe85b
 #include <grub/extcmd.h>
4fe85b
 #include <grub/env.h>
4fe85b
 #include <grub/i18n.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv)
4fe85b
 
4fe85b
 GRUB_MOD_INIT(memrw)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd_read_byte =
4fe85b
     grub_register_extcmd ("read_byte", grub_cmd_read, 0,
4fe85b
 			  N_("ADDR"), N_("Read 8-bit value from ADDR."),
4fe85b
@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(memrw)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_extcmd (cmd_read_byte);
4fe85b
   grub_unregister_extcmd (cmd_read_word);
4fe85b
   grub_unregister_extcmd (cmd_read_dword);
4fe85b
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
4fe85b
index c80d85b677e..7dfe2ef1455 100644
4fe85b
--- a/grub-core/kern/efi/efi.c
4fe85b
+++ b/grub-core/kern/efi/efi.c
4fe85b
@@ -260,34 +260,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
4fe85b
   return NULL;
4fe85b
 }
4fe85b
 
4fe85b
-grub_efi_boolean_t
4fe85b
-grub_efi_secure_boot (void)
4fe85b
-{
4fe85b
-  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
4fe85b
-  grub_size_t datasize;
4fe85b
-  char *secure_boot = NULL;
4fe85b
-  char *setup_mode = NULL;
4fe85b
-  grub_efi_boolean_t ret = 0;
4fe85b
-
4fe85b
-  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
4fe85b
-
4fe85b
-  if (datasize != 1 || !secure_boot)
4fe85b
-    goto out;
4fe85b
-
4fe85b
-  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
4fe85b
-
4fe85b
-  if (datasize != 1 || !setup_mode)
4fe85b
-    goto out;
4fe85b
-
4fe85b
-  if (*secure_boot && !*setup_mode)
4fe85b
-    ret = 1;
4fe85b
-
4fe85b
- out:
4fe85b
-  grub_free (secure_boot);
4fe85b
-  grub_free (setup_mode);
4fe85b
-  return ret;
4fe85b
-}
4fe85b
-
4fe85b
 #pragma GCC diagnostic ignored "-Wcast-align"
4fe85b
 
4fe85b
 /* Search the mods section from the PE32/PE32+ image. This code uses
4fe85b
diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
4fe85b
new file mode 100644
4fe85b
index 00000000000..a41b6c5b851
4fe85b
--- /dev/null
4fe85b
+++ b/grub-core/kern/efi/sb.c
4fe85b
@@ -0,0 +1,58 @@
4fe85b
+/*
4fe85b
+ *  GRUB  --  GRand Unified Bootloader
4fe85b
+ *  Copyright (C) 2014 Free Software Foundation, Inc.
4fe85b
+ *
4fe85b
+ *  GRUB is free software: you can redistribute it and/or modify
4fe85b
+ *  it under the terms of the GNU General Public License as published by
4fe85b
+ *  the Free Software Foundation, either version 3 of the License, or
4fe85b
+ *  (at your option) any later version.
4fe85b
+ *
4fe85b
+ *  GRUB is distributed in the hope that it will be useful,
4fe85b
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
4fe85b
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
4fe85b
+ *  GNU General Public License for more details.
4fe85b
+ *
4fe85b
+ *  You should have received a copy of the GNU General Public License
4fe85b
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
4fe85b
+ */
4fe85b
+
4fe85b
+#include <grub/err.h>
4fe85b
+#include <grub/mm.h>
4fe85b
+#include <grub/types.h>
4fe85b
+#include <grub/cpu/linux.h>
4fe85b
+#include <grub/efi/efi.h>
4fe85b
+#include <grub/efi/pe32.h>
4fe85b
+#include <grub/efi/linux.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
+
4fe85b
+int
4fe85b
+grub_efi_secure_boot (void)
4fe85b
+{
4fe85b
+#ifdef GRUB_MACHINE_EFI
4fe85b
+  grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
4fe85b
+  grub_size_t datasize;
4fe85b
+  char *secure_boot = NULL;
4fe85b
+  char *setup_mode = NULL;
4fe85b
+  grub_efi_boolean_t ret = 0;
4fe85b
+
4fe85b
+  secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);
4fe85b
+
4fe85b
+  if (datasize != 1 || !secure_boot)
4fe85b
+    goto out;
4fe85b
+
4fe85b
+  setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);
4fe85b
+
4fe85b
+  if (datasize != 1 || !setup_mode)
4fe85b
+    goto out;
4fe85b
+
4fe85b
+  if (*secure_boot && !*setup_mode)
4fe85b
+    ret = 1;
4fe85b
+
4fe85b
+ out:
4fe85b
+  grub_free (secure_boot);
4fe85b
+  grub_free (setup_mode);
4fe85b
+  return ret;
4fe85b
+#else
4fe85b
+  return 0;
4fe85b
+#endif
4fe85b
+}
4fe85b
diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c
4fe85b
index 74888c463ba..69c2a10d351 100644
4fe85b
--- a/grub-core/loader/efi/appleloader.c
4fe85b
+++ b/grub-core/loader/efi/appleloader.c
4fe85b
@@ -24,6 +24,7 @@
4fe85b
 #include <grub/misc.h>
4fe85b
 #include <grub/efi/api.h>
4fe85b
 #include <grub/efi/efi.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 #include <grub/command.h>
4fe85b
 #include <grub/i18n.h>
4fe85b
 
4fe85b
@@ -227,6 +228,9 @@ static grub_command_t cmd;
4fe85b
 
4fe85b
 GRUB_MOD_INIT(appleloader)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd = grub_register_command ("appleloader", grub_cmd_appleloader,
4fe85b
 			       N_("[OPTS]"),
4fe85b
 			       /* TRANSLATORS: This command is used on EFI to
4fe85b
@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(appleloader)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_command (cmd);
4fe85b
 }
4fe85b
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
4fe85b
index 87a91e16f17..aee8e6becf6 100644
4fe85b
--- a/grub-core/loader/efi/chainloader.c
4fe85b
+++ b/grub-core/loader/efi/chainloader.c
4fe85b
@@ -34,6 +34,7 @@
4fe85b
 #include <grub/efi/disk.h>
4fe85b
 #include <grub/efi/pe32.h>
4fe85b
 #include <grub/efi/linux.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 #include <grub/command.h>
4fe85b
 #include <grub/i18n.h>
4fe85b
 #include <grub/net.h>
4fe85b
diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
4fe85b
index 8f691e0e2d1..b671f59b62a 100644
4fe85b
--- a/grub-core/loader/i386/bsd.c
4fe85b
+++ b/grub-core/loader/i386/bsd.c
4fe85b
@@ -38,6 +38,7 @@
4fe85b
 #ifdef GRUB_MACHINE_PCBIOS
4fe85b
 #include <grub/machine/int.h>
4fe85b
 #endif
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -2111,6 +2112,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk;
4fe85b
 
4fe85b
 GRUB_MOD_INIT (bsd)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   /* Net and OpenBSD kernels are often compressed.  */
4fe85b
   grub_dl_load ("gzio");
4fe85b
 
4fe85b
@@ -2150,6 +2154,9 @@ GRUB_MOD_INIT (bsd)
4fe85b
 
4fe85b
 GRUB_MOD_FINI (bsd)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_extcmd (cmd_freebsd);
4fe85b
   grub_unregister_extcmd (cmd_openbsd);
4fe85b
   grub_unregister_extcmd (cmd_netbsd);
4fe85b
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
4fe85b
index 2ae176315b6..bd37c69b5d0 100644
4fe85b
--- a/grub-core/loader/i386/linux.c
4fe85b
+++ b/grub-core/loader/i386/linux.c
4fe85b
@@ -35,6 +35,7 @@
4fe85b
 #include <grub/i18n.h>
4fe85b
 #include <grub/lib/cmdline.h>
4fe85b
 #include <grub/linux.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -1137,6 +1138,9 @@ static grub_command_t cmd_linux, cmd_initrd;
4fe85b
 
4fe85b
 GRUB_MOD_INIT(linux)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd_linux = grub_register_command ("linux", grub_cmd_linux,
4fe85b
 				     0, N_("Load Linux."));
4fe85b
   cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
4fe85b
@@ -1146,6 +1150,9 @@ GRUB_MOD_INIT(linux)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(linux)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_command (cmd_linux);
4fe85b
   grub_unregister_command (cmd_initrd);
4fe85b
 }
4fe85b
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
4fe85b
index b481e466846..b19527e8e17 100644
4fe85b
--- a/grub-core/loader/i386/pc/linux.c
4fe85b
+++ b/grub-core/loader/i386/pc/linux.c
4fe85b
@@ -35,6 +35,7 @@
4fe85b
 #include <grub/i386/floppy.h>
4fe85b
 #include <grub/lib/cmdline.h>
4fe85b
 #include <grub/linux.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -469,6 +470,9 @@ static grub_command_t cmd_linux, cmd_initrd;
4fe85b
 
4fe85b
 GRUB_MOD_INIT(linux16)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd_linux =
4fe85b
     grub_register_command ("linux16", grub_cmd_linux,
4fe85b
 			   0, N_("Load Linux."));
4fe85b
@@ -480,6 +484,9 @@ GRUB_MOD_INIT(linux16)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(linux16)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_command (cmd_linux);
4fe85b
   grub_unregister_command (cmd_initrd);
4fe85b
 }
4fe85b
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
4fe85b
index 4b71f336353..e4e696e8f89 100644
4fe85b
--- a/grub-core/loader/multiboot.c
4fe85b
+++ b/grub-core/loader/multiboot.c
4fe85b
@@ -42,6 +42,7 @@
4fe85b
 #include <grub/video.h>
4fe85b
 #include <grub/memory.h>
4fe85b
 #include <grub/i18n.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -383,6 +384,9 @@ static grub_command_t cmd_multiboot, cmd_module;
4fe85b
 
4fe85b
 GRUB_MOD_INIT(multiboot)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd_multiboot =
4fe85b
 #ifdef GRUB_USE_MULTIBOOT2
4fe85b
     grub_register_command ("multiboot2", grub_cmd_multiboot,
4fe85b
@@ -403,6 +407,9 @@ GRUB_MOD_INIT(multiboot)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(multiboot)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   grub_unregister_command (cmd_multiboot);
4fe85b
   grub_unregister_command (cmd_module);
4fe85b
 }
4fe85b
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
4fe85b
index cdd9715cedd..faffccc9744 100644
4fe85b
--- a/grub-core/loader/xnu.c
4fe85b
+++ b/grub-core/loader/xnu.c
4fe85b
@@ -33,6 +33,7 @@
4fe85b
 #include <grub/extcmd.h>
4fe85b
 #include <grub/env.h>
4fe85b
 #include <grub/i18n.h>
4fe85b
+#include <grub/efi/sb.h>
4fe85b
 
4fe85b
 GRUB_MOD_LICENSE ("GPLv3+");
4fe85b
 
4fe85b
@@ -1466,6 +1467,9 @@ static grub_extcmd_t cmd_splash;
4fe85b
 
4fe85b
 GRUB_MOD_INIT(xnu)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
   cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0,
4fe85b
 				      N_("Load XNU image."));
4fe85b
   cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
4fe85b
@@ -1506,6 +1510,9 @@ GRUB_MOD_INIT(xnu)
4fe85b
 
4fe85b
 GRUB_MOD_FINI(xnu)
4fe85b
 {
4fe85b
+  if (grub_efi_secure_boot())
4fe85b
+    return;
4fe85b
+
4fe85b
 #ifndef GRUB_MACHINE_EMU
4fe85b
   grub_unregister_command (cmd_resume);
4fe85b
 #endif
4fe85b
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
4fe85b
index 22456327e13..9a2da0eb38d 100644
4fe85b
--- a/include/grub/efi/efi.h
4fe85b
+++ b/include/grub/efi/efi.h
4fe85b
@@ -76,7 +76,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
4fe85b
 				     const grub_efi_guid_t *guid,
4fe85b
 				     void *data,
4fe85b
 				     grub_size_t datasize);
4fe85b
-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void);
4fe85b
 int
4fe85b
 EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1,
4fe85b
 					     const grub_efi_device_path_t *dp2);
4fe85b
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
4fe85b
new file mode 100644
4fe85b
index 00000000000..9629fbb0f9e
4fe85b
--- /dev/null
4fe85b
+++ b/include/grub/efi/sb.h
4fe85b
@@ -0,0 +1,29 @@
4fe85b
+/* sb.h - declare functions for EFI Secure Boot support */
4fe85b
+/*
4fe85b
+ *  GRUB  --  GRand Unified Bootloader
4fe85b
+ *  Copyright (C) 2006,2007,2008,2009  Free Software Foundation, Inc.
4fe85b
+ *
4fe85b
+ *  GRUB is free software: you can redistribute it and/or modify
4fe85b
+ *  it under the terms of the GNU General Public License as published by
4fe85b
+ *  the Free Software Foundation, either version 3 of the License, or
4fe85b
+ *  (at your option) any later version.
4fe85b
+ *
4fe85b
+ *  GRUB is distributed in the hope that it will be useful,
4fe85b
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
4fe85b
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
4fe85b
+ *  GNU General Public License for more details.
4fe85b
+ *
4fe85b
+ *  You should have received a copy of the GNU General Public License
4fe85b
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
4fe85b
+ */
4fe85b
+
4fe85b
+#ifndef GRUB_EFI_SB_HEADER
4fe85b
+#define GRUB_EFI_SB_HEADER	1
4fe85b
+
4fe85b
+#include <grub/types.h>
4fe85b
+#include <grub/dl.h>
4fe85b
+
4fe85b
+/* Functions.  */
4fe85b
+int EXPORT_FUNC (grub_efi_secure_boot) (void);
4fe85b
+
4fe85b
+#endif /* ! GRUB_EFI_SB_HEADER */
4fe85b
diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h
4fe85b
new file mode 100644
4fe85b
index 00000000000..e69de29bb2d
4fe85b
diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h
4fe85b
new file mode 100644
4fe85b
index 00000000000..e69de29bb2d
4fe85b
diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h
4fe85b
new file mode 100644
4fe85b
index 00000000000..e69de29bb2d
4fe85b
diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h
4fe85b
new file mode 100644
4fe85b
index 00000000000..e69de29bb2d
4fe85b
diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
4fe85b
index cb7fd9f98e8..be29e327f77 100644
4fe85b
--- a/grub-core/Makefile.am
4fe85b
+++ b/grub-core/Makefile.am
4fe85b
@@ -67,6 +67,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
4fe85b
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
4fe85b
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
4fe85b
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
4fe85b
+KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
4fe85b
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
4fe85b
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
4fe85b
 KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h