bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

integrity: Make arch_ima_get_secureboot integrity-wide

Browse Source 
EVM and other LSMs need the ability to query the secure boot status of
the system, without directly calling the IMA arch_ima_get_secureboot
function. Refactor the secure boot status check into a general function
named arch_get_secureboot.

Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Coiby Xu
2026-02-13 09:28:46 +08:00
committed by Mimi Zohar
parent 11439c4635
commit 31a6a07eef
17 changed files with 115 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/ima/ima_appraise.c
View File

@@ -27,7 +27,7 @@ core_param(ima_appraise, ima_appraise_cmdline_default, charp, 0);
void __init ima_appraise_parse_cmdline(void)
{
const char *str = ima_appraise_cmdline_default;
bool sb_state = arch_ima_get_secureboot();
bool sb_state = arch_get_secureboot();
int appraisal_state = ima_appraise;
if (!str)