From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Tue, 27 Aug 2013 13:33:03 -0400
Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
 
UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
for use with efi_enabled.
 
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
---
 arch/x86/kernel/setup.c | 2 ++
 include/linux/efi.h     | 1 +
 2 files changed, 3 insertions(+)
 
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 1ac118146e90..f93826b8522c 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
 
 #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
 	if (boot_params.secure_boot) {
+		set_bit(EFI_SECURE_BOOT, &efi.flags);
 		enforce_signed_modules();
+		pr_info("Secure boot enabled\n");
 	}
 #endif
 
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 85ef051ac6fb..de3e45088d4a 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -959,6 +959,7 @@ extern int __init efi_setup_pcdp_console(char *);
 #define EFI_PARAVIRT		6	/* Access is via a paravirt interface */
 #define EFI_ARCH_1		7	/* First arch-specific bit */
 #define EFI_DBG			8	/* Print additional debug info at runtime */
+#define EFI_SECURE_BOOT		9	/* Are we in Secure Boot mode? */
 
 #ifdef CONFIG_EFI
 /*
-- 
2.4.3