This is a follow-up to Chester's series [0] to enable IMA to the secure boot state of arm64 platforms, which is EFI based. This v4 implements the changes I suggested to Chester, in particular: - disregard MokSbState when factoring out secure boot mode discovery - turn the x86 IMA arch code into shared code for all architectures. This reduces the final patch to a one liner enabling a Kconfig option for arm64 when EFI is enabled. Build tested only. [0] https://lore.kernel.org/linux-arm-kernel/20201030060840.1810-1-clin@xxxxxxxx/ Cc: zohar@xxxxxxxxxxxxx Cc: jmorris@xxxxxxxxx Cc: serge@xxxxxxxxxx Cc: dmitry.kasatkin@xxxxxxxxx Cc: catalin.marinas@xxxxxxx Cc: will@xxxxxxxxxx Cc: clin@xxxxxxxx Cc: x86@xxxxxxxxxx Cc: jlee@xxxxxxxx Cc: linux-integrity@xxxxxxxxxxxxxxx, Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx Chester Lin (3): efi: generalize efi_get_secureboot ima: generalize x86/EFI arch glue for other EFI architectures arm64/ima: add ima_arch support arch/arm64/Kconfig | 1 + arch/x86/boot/compressed/Makefile | 2 +- arch/x86/include/asm/efi.h | 3 ++ arch/x86/kernel/Makefile | 2 - drivers/firmware/efi/libstub/efistub.h | 2 + drivers/firmware/efi/libstub/secureboot.c | 41 +++++++---------- include/linux/efi.h | 23 +++++++++- security/integrity/ima/Makefile | 4 ++ .../integrity/ima/ima_efi.c | 45 +++++-------------- 9 files changed, 60 insertions(+), 63 deletions(-) rename arch/x86/kernel/ima_arch.c => security/integrity/ima/ima_efi.c (60%) -- 2.17.1
