mjg59/gist:8d9d494da56fbe6d8992

## gistfile1.txt
commit 3f5e3bdbb45bc2cd9ae95972420eb11b0340f120
Author: Matthew Garrett <mjg59@coreos.com>
Date:   Mon Feb 1 13:31:00 2016 +1100

    Block most UEFI variable deletions

    Some systems appear to become upset if certain UEFI non-volatile variables
    are delted, to the point of no longer POSTing successfully. For a short-term
    fix, let's just block deletion of most variables while we figure out a
    better approach.

    Signed-off-by: Matthew Garrett <mjg59@coreos.com>

diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index 70a0fb1..77b4327 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -532,6 +532,37 @@ int efivar_entry_delete(struct efivar_entry *entry)
 {
        const struct efivar_operations *ops = __efivars->ops;
        efi_status_t status;
+       efi_guid_t global_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
+       int i;
+       u16 *unicode_name = entry->var.VariableName;
+
+       /* Block deletion of any non-spec variables */
+       if (memcmp(&global_variable_guid, &entry->var.VendorGuid,
+                  sizeof(efi_guid_t)) != 0)
+               return -EPERM;
+
+       /*
+        * Don't permit deletion of the majority of spec-defined variables.
+        * We just re-use the list of variables that we have validation code
+        * for - wildcards are ignored in this case, so deleting boot and
+        * device entries is still permitted.
+        */
+       for (i = 0; variable_validate[i].validate != NULL; i++) {
+               const char *name = variable_validate[i].name;
+               int match;
+
+               for (match = 0; ; match++) {
+                       char c = name[match];
+                       u16 u = unicode_name[match];
+
+                       if (c != u)
+                               break;
+
+                       /* Reached the end of the string while matching */
+                       if (!c && !u)
+                               return -EPERM;
+               }
+       }

        spin_lock_irq(&__efivars->lock);
        status = ops->set_variable(entry->var.VariableName,
	commit 3f5e3bdbb45bc2cd9ae95972420eb11b0340f120
	Author: Matthew Garrett <mjg59@coreos.com>
	Date: Mon Feb 1 13:31:00 2016 +1100

	Block most UEFI variable deletions

	Some systems appear to become upset if certain UEFI non-volatile variables
	are delted, to the point of no longer POSTing successfully. For a short-term
	fix, let's just block deletion of most variables while we figure out a
	better approach.

	Signed-off-by: Matthew Garrett <mjg59@coreos.com>

	diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
	index 70a0fb1..77b4327 100644
	--- a/drivers/firmware/efi/vars.c
	+++ b/drivers/firmware/efi/vars.c
	@@ -532,6 +532,37 @@ int efivar_entry_delete(struct efivar_entry *entry)
	{
	const struct efivar_operations *ops = __efivars->ops;
	efi_status_t status;
	+ efi_guid_t global_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
	+ int i;
	+ u16 *unicode_name = entry->var.VariableName;
	+
	+ /* Block deletion of any non-spec variables */
	+ if (memcmp(&global_variable_guid, &entry->var.VendorGuid,
	+ sizeof(efi_guid_t)) != 0)
	+ return -EPERM;
	+
	+ /*
	+ * Don't permit deletion of the majority of spec-defined variables.
	+ * We just re-use the list of variables that we have validation code
	+ * for - wildcards are ignored in this case, so deleting boot and
	+ * device entries is still permitted.
	+ */
	+ for (i = 0; variable_validate[i].validate != NULL; i++) {
	+ const char *name = variable_validate[i].name;
	+ int match;
	+
	+ for (match = 0; ; match++) {
	+ char c = name[match];
	+ u16 u = unicode_name[match];
	+
	+ if (c != u)
	+ break;
	+
	+ /* Reached the end of the string while matching */
	+ if (!c && !u)
	+ return -EPERM;
	+ }
	+ }

	spin_lock_irq(&__efivars->lock);
	status = ops->set_variable(entry->var.VariableName,