[PATCH v4 0/3] wire up IMA secure boot for arm64
From: Ard Biesheuvel <ardb@kernel.org>
Date: 2020-11-02 22:39:14
Also in:
linux-arm-kernel, linux-efi
This is a follow-up to Chester's series [0] to enable IMA to the secure boot state of arm64 platforms, which is EFI based. This v4 implements the changes I suggested to Chester, in particular: - disregard MokSbState when factoring out secure boot mode discovery - turn the x86 IMA arch code into shared code for all architectures. This reduces the final patch to a one liner enabling a Kconfig option for arm64 when EFI is enabled. Build tested only. [0] https://lore.kernel.org/linux-arm-kernel/20201030060840.1810-1-clin@suse.com/ (local) Cc: zohar@linux.ibm.com Cc: jmorris@namei.org Cc: serge@hallyn.com Cc: dmitry.kasatkin@gmail.com Cc: catalin.marinas@arm.com Cc: will@kernel.org Cc: clin@suse.com Cc: x86@kernel.org Cc: jlee@suse.com Cc: linux-integrity@vger.kernel.org, Cc: linux-arm-kernel@lists.infradead.org Chester Lin (3): efi: generalize efi_get_secureboot ima: generalize x86/EFI arch glue for other EFI architectures arm64/ima: add ima_arch support arch/arm64/Kconfig | 1 + arch/x86/boot/compressed/Makefile | 2 +- arch/x86/include/asm/efi.h | 3 ++ arch/x86/kernel/Makefile | 2 - drivers/firmware/efi/libstub/efistub.h | 2 + drivers/firmware/efi/libstub/secureboot.c | 41 +++++++---------- include/linux/efi.h | 23 +++++++++- security/integrity/ima/Makefile | 4 ++ .../integrity/ima/ima_efi.c | 45 +++++-------------- 9 files changed, 60 insertions(+), 63 deletions(-) rename arch/x86/kernel/ima_arch.c => security/integrity/ima/ima_efi.c (60%) -- 2.17.1