On Thu, Feb 10, 2022 at 10:47:25AM +0000, Aditya Garg wrote:
+/* Apple Macs with T2 Security chip don't support these UEFI variables.
- The T2 chip manages the Secure Boot and does not allow Linux to boot
- if it is turned on. If turned off, an attempt to get certificates
- causes a crash, so we simply return 0 for them in each function.
- */
+static const struct dmi_system_id uefi_skip_cert[] = {
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,2") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,3") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,4") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,2") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,3") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,4") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") },
- { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") },
- { }
+};
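Review bot: The uefi_skip_cert[] table matches on exact product names, so any T2 machine that is not one of the fifteen entries still takes the crashing path the comment describes, and the table has to be edited for every model that turns up. Matching on a property of the T2 itself, or at least on a broader DMI field, would keep the quirk from going stale. The comment should also say which functions "each function" means and that, with the quirk active, no certificates are loaded from these UEFI variables on the listed machines, since that is the security-relevant effect of returning 0. Minor style point: the comment opens with text on the same line as "/*", where a bare "/*" opening line is the usual multi-line form.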
The T2 is represented by a PCI device with ID 106B:1802. I think it would be more elegant to sense presence of that device instead of hardcoding a long dmi list, i.e.:
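#include <linux/pci.h>
#include <linux/platform_data/x86/apple.h>	/* x86_apple_machine */

static bool apple_t2_present(void)
{
	struct pci_dev *pdev;

	/* Only Apple hardware can carry a T2. */
	if (!x86_apple_machine)
		return false;

	/* 106B:1802 is the T2; drop the reference pci_get_device() took. */
	pdev = pci_get_device(PCI_VENDOR_ID_APPLE, 0x1802, NULL);
	if (pdev) {
		pci_dev_put(pdev);
		return true;
	}

	return false;
}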