1 files changed, 59 insertions, 0 deletions

diff --git a/website/static/security/patches/EN-25:12/efi.patch b/website/static/security/patches/EN-25:12/efi.patch
new file mode 100644
index 0000000000..cd15bf1b89
--- /dev/null
+++ b/website/static/security/patches/EN-25:12/efi.patch
@@ -0,0 +1,59 @@
+--- stand/efi/loader/bootinfo.c.orig
++++ stand/efi/loader/bootinfo.c
+@@ -447,9 +447,15 @@
+ 	module = *modulep;
+ 	file_addmetadata(kfp, MODINFOMD_MODULEP, sizeof(module), &module);
+ #endif
+-#if defined(EFI) && !defined(__i386__)
++#ifdef EFI
++#ifndef __i386__
+ 	file_addmetadata(kfp, MODINFOMD_FW_HANDLE, sizeof(ST), &ST);
+ #endif
++#if defined(__amd64__) || defined(__i386__)
++	file_addmetadata(kfp, MODINFOMD_EFI_ARCH, sizeof(MACHINE_ARCH),
++	    MACHINE_ARCH);
++#endif
++#endif
+ #ifdef LOADER_GELI_SUPPORT
+ 	geli_export_key_metadata(kfp);
+ #endif
+--- sys/amd64/amd64/machdep.c.orig
++++ sys/amd64/amd64/machdep.c
+@@ -1691,6 +1691,27 @@
+     efi_map_sysctl_handler, "S,efi_map_header",
+     "Raw EFI Memory Map");
+ 
++static int
++efi_arch_sysctl_handler(SYSCTL_HANDLER_ARGS)
++{
++	char *arch;
++	caddr_t kmdp;
++
++	kmdp = preload_search_by_type("elf kernel");
++	if (kmdp == NULL)
++		kmdp = preload_search_by_type("elf64 kernel");
++
++	arch = (char *)preload_search_info(kmdp,
++	    MODINFO_METADATA | MODINFOMD_EFI_ARCH);
++	if (arch == NULL)
++		return (0);
++
++	return (SYSCTL_OUT_STR(req, arch));
++}
++SYSCTL_PROC(_machdep, OID_AUTO, efi_arch,
++    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
++    efi_arch_sysctl_handler, "A", "EFI Firmware Architecture");
++
+ void
+ spinlock_enter(void)
+ {
+--- sys/x86/include/metadata.h.orig
++++ sys/x86/include/metadata.h
+@@ -34,6 +34,7 @@
+ #define	MODINFOMD_EFI_FB	0x1005
+ #define	MODINFOMD_MODULEP	0x1006
+ #define	MODINFOMD_VBE_FB	0x1007
++#define	MODINFOMD_EFI_ARCH	0x1008
+ 
+ struct efi_map_header {
+ 	uint64_t	memory_size;