On Wed, Feb 19, 2020 at 06:19:07PM +0100, Ard Biesheuvel wrote: > Testing the value of the efi.get_variable function pointer is not > the right way to establish whether the platform supports EFI > variables at runtime. Instead, use the newly added granular check > that can test for the presence of each EFI runtime service > individually. > > Cc: James Morris <jmorris@xxxxxxxxx> > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > Cc: linux-security-module@xxxxxxxxxxxxxxx > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > --- > security/integrity/platform_certs/load_uefi.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c > index 111898aad56e..e2fe1bd3abb9 100644 > --- a/security/integrity/platform_certs/load_uefi.c > +++ b/security/integrity/platform_certs/load_uefi.c > @@ -76,7 +76,7 @@ static int __init load_uefi_certs(void) > unsigned long dbsize = 0, dbxsize = 0, moksize = 0; > int rc = 0; > > - if (!efi.get_variable) > + if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) Sorry, where is this defined? > return false; > > /* Get db, MokListRT, and dbx. They might not exist, so it isn't > -- > 2.17.1
