From 7878b466ced5cd807db8cc12eb580220890c220f Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Tue, 12 Dec 2017 18:01:42 +0800
Subject: [PATCH 09/11] PM / hibernate: prevent EFI secret key to be
 regenerated
Patch-mainline: No, will be submitted to upstream
References: fate#316350

Because hibernation verification relies on EFI secret key. Which means
that the secret key can not be changed when system runs into hibernation.
So, the EFI secret key regenerate flag must be removed when hibernation.

Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
 kernel/power/hibernate.c |    1 +
 kernel/power/user.c      |    3 +++
 2 files changed, 4 insertions(+)

--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -694,6 +694,7 @@ int hibernate(void)
 		pr_debug("Hibernation not available.\n");
 		return -EPERM;
 	}
+	efi_skey_stop_regen();
 
 	error = snapshot_create_trampoline();
 	if (error)
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -25,6 +25,7 @@
 #include <linux/cpu.h>
 #include <linux/freezer.h>
 #include <linux/security.h>
+#include <linux/efi.h>
 
 #include <linux/uaccess.h>
 
@@ -347,6 +348,7 @@ static long snapshot_ioctl(struct file *
 			error = -EPERM;
 			break;
 		}
+		efi_skey_stop_regen();
 		/*
 		 * Tasks are frozen and the notifiers have been called with
 		 * PM_HIBERNATION_PREPARE
@@ -360,6 +362,7 @@ static long snapshot_ioctl(struct file *
 		break;
 
 	case SNAPSHOT_POWER_OFF:
+		efi_skey_stop_regen();
 		if (data->platform_support)
 			error = hibernation_platform_enter();
 		break;