Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > +#ifdef CONFIG_LOCK_DOWN_KERNEL > > +extern bool kernel_is_locked_down(void); > > +#else > > +static inline bool kernel_is_locked_down(void) > > Should this be a bool or an int? I can imagine that someone is going to want > various different degrees of lock down for kernels. As an int you could > return a bitmap indicating which features were locked. This would allow > additional things to be locked down without changing the interface. At the moment it makes no difference, since the return value is only ever passed directly to an if-statement. Also, do you have an idea as to how is should be divided up? There aren't so many cases, at least not yet, that they can't be fixed up, perhaps with a coccinelle script. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
