UBUNTU: SAUCE: (noup) Display MOKSBState when disabled

BugLink: http://bugs.launchpad.net/bugs/1571691

It would be much simpler if one could pass MOKSBState via a global variable,
but the the EFI bits appear to be managed and linked a bit differently then
a normal text section. Hence the shennanigans with boot_params.secure_boot.
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andy Whitcroft <andy.whitcroft@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>

arch/x86/boot/compressed/eboot.c

@@ -886,14 +886,15 @@ static int get_secure_boot(void)
 
 	/* If it fails, we don't care why.  Default to secure */
 	if (status != EFI_SUCCESS)
-		return 1;
+		return EFI_SECURE_BOOT;
 
 	if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS)) {
-		if (moksbstate == 1)
-			return 0;
+		if (moksbstate == 1) {
+			return EFI_MOKSBSTATE_DISABLED;
+		}
 	}
 
-	return 1;
+	return EFI_SECURE_BOOT;
 }
 
 

arch/x86/kernel/setup.c

@@ -1144,11 +1144,15 @@ void __init setup_arch(char **cmdline_p)
 	io_delay_init();
 
 #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
-	if (boot_params.secure_boot) {
+	if (boot_params.secure_boot == EFI_SECURE_BOOT) {
 		set_bit(EFI_SECURE_BOOT, &efi.flags);
 		enforce_signed_modules();
 		pr_info("Secure boot enabled\n");
 	}
+	else if (boot_params.secure_boot == EFI_MOKSBSTATE_DISABLED) {
+		boot_params.secure_boot = 0;
+		pr_info("Secure boot MOKSBState disabled\n");
+    }
 #endif
 
 	/*

include/linux/efi.h

@@ -987,6 +987,7 @@ extern int __init efi_setup_pcdp_console(char *);
 #define EFI_DBG			8	/* Print additional debug info at runtime */
 #define EFI_NX_PE_DATA		9	/* Can runtime data regions be mapped non-executable? */
 #define EFI_SECURE_BOOT		10	/* Are we in Secure Boot mode? */
+#define EFI_MOKSBSTATE_DISABLED	11	/* Secure boot mode disabled in the MOK */
 
 #ifdef CONFIG_EFI
 /*