Comment 17 for bug 1608854

Revision history for this message
Tim Gardner (timg-tpi) wrote :

git://kernel.ubuntu.com/rtg/ubuntu-trusty.git arm64-efi-lp1608854

I backported EFI functionality for arm64 and amd64 from Utopic (v3.16) to Trusty (v3.13) because much of the arch dependent infrastructure in v3.16 is required in order to support signed module enforcement with a MOK managed key override (for externally built modules such as DKMS). See the "UBUNTU: SAUCE: UEFI:" series of patches. The approach that I took was to revert all EFI functionality in Trusty back to vanilla v3.13, then cherry-picked and backported all EFI patches from Utopic (including stable updates). Ultimately, there is little diff between the Trusty backport and Utopic in the directories and files that matter (arch/x86/platform/efi, drivers/firmware/efi, arch/arm64/kernel/efi*). This backport is possible because EFI is almost completely isolated from the rest of the kernel. However, the patchset is so large that it is essentially unreviewable. I think the only way to verify this patchset is through testing. Fortunately it is one of those features that either works or it doesn't. Thus far my test results and those of #16 are positive for both arches.