Hi Kees,

On Wed, Aug 08, 2018 at 01:33:01PM -0700, Kees Cook wrote:
> I'm slightly nervous about complicating this and splitting up the
> check. I have a mild preference that all the checks get moved later,
> so that all architectures have the checks happening at the same time
> during boot. Splitting this up could give us some weird differences
> between architectures, etc.

As far as I can see the checks are implemented on x86, arm, and arm64. I
agree that it would be better to run the checks at a unified place
across architectures and can send a patch-set for that once the dust
around the 32-bit PTI implementation for x86 has settled.

But currently the call-places are architecture specific and with that in
mind the split-up on x86 is the right thing to do. I'll change that back
when I implement your idea above.

Regards,

Joerg