On Wed, Feb 19, 2020 at 10:00:11PM +0100, Ard Biesheuvel wrote: > On Wed, 19 Feb 2020 at 21:46, Serge E. Hallyn <serge@xxxxxxxxxx> wrote: > > > > On Wed, Feb 19, 2020 at 06:19:07PM +0100, Ard Biesheuvel wrote: > > > Testing the value of the efi.get_variable function pointer is not > > > the right way to establish whether the platform supports EFI > > > variables at runtime. Instead, use the newly added granular check > > > that can test for the presence of each EFI runtime service > > > individually. > > > > > > Cc: James Morris <jmorris@xxxxxxxxx> > > > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > > > Cc: linux-security-module@xxxxxxxxxxxxxxx > > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > > > --- > > > security/integrity/platform_certs/load_uefi.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c > > > index 111898aad56e..e2fe1bd3abb9 100644 > > > --- a/security/integrity/platform_certs/load_uefi.c > > > +++ b/security/integrity/platform_certs/load_uefi.c > > > @@ -76,7 +76,7 @@ static int __init load_uefi_certs(void) > > > unsigned long dbsize = 0, dbxsize = 0, moksize = 0; > > > int rc = 0; > > > > > > - if (!efi.get_variable) > > > + if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) > > > > Sorry, where is this defined? > > > > Apologies, I failed to cc everyone on the whole series. > > It is defined in the first patch. > > https://lore.kernel.org/linux-efi/20200219171907.11894-1-ardb@xxxxxxxxxx/ Gotcha, thanks, I shoulda get-lore-mbox'ed it :) Acked-by: Serge Hallyn <serge@xxxxxxxxxx> thanks, -serge
