Add IMA arch dependent support for ARM64. Some IMA functions can check arch-specific status before running. For example, the ima_load_data function or the boot param "ima_appraise=" should not be executed when UEFI secure boot is enabled. We want to fill the gap in order to complete the IMA support on ARM64. Changes in v2: - Separate get_sb_mode() from x86 so all EFI-based architectures can reuse the same function. - Refactor arch/arm64/kernel/ima_arch.c based on Ard's patch[1]. Test platforms: - QEMU [aarch64-virt] + EDK2/OVMF - NXP LX2160A-RDB + EDK2 [1] https://www.spinics.net/lists/linux-efi/msg20645.html Chester Lin (2): efi: add secure boot get helper arm64/ima: add ima_arch support arch/arm64/Kconfig | 1 + arch/arm64/kernel/Makefile | 2 ++ arch/arm64/kernel/ima_arch.c | 46 +++++++++++++++++++++++++++++++++++ arch/x86/kernel/ima_arch.c | 47 ++---------------------------------- drivers/firmware/efi/efi.c | 43 +++++++++++++++++++++++++++++++++ include/linux/efi.h | 5 ++++ 6 files changed, 99 insertions(+), 45 deletions(-) create mode 100644 arch/arm64/kernel/ima_arch.c -- 2.26.1
