Re: [PATCH 9/9] integrity: check properly whether EFI GetVariable() is available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 19, 2020 at 06:19:07PM +0100, Ard Biesheuvel wrote:
> Testing the value of the efi.get_variable function pointer is not
> the right way to establish whether the platform supports EFI
> variables at runtime. Instead, use the newly added granular check
> that can test for the presence of each EFI runtime service
> individually.
> 
> Cc: James Morris <jmorris@xxxxxxxxx>
> Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx>
> Cc: linux-security-module@xxxxxxxxxxxxxxx
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
>  security/integrity/platform_certs/load_uefi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
> index 111898aad56e..e2fe1bd3abb9 100644
> --- a/security/integrity/platform_certs/load_uefi.c
> +++ b/security/integrity/platform_certs/load_uefi.c
> @@ -76,7 +76,7 @@ static int __init load_uefi_certs(void)
>  	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
>  	int rc = 0;
>  
> -	if (!efi.get_variable)
> +	if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE))

Sorry, where is this defined?

>  		return false;
>  
>  	/* Get db, MokListRT, and dbx.  They might not exist, so it isn't
> -- 
> 2.17.1



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux