review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Tue, 9 Oct 2018 17:30:33 +0000 (23:00 +0530)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 13 Nov 2018 12:38:45 +0000 (07:38 -0500)
commit	0914ade209c452cff6a29b1c0ae6fff3167fa1d0
tree	6fa55dce007fc83f4bb59ed5f4e2b33c4394997a	tree \| snapshot
parent	59637d5e1693451b03d2979ffbe9d40423ef05d7	commit \| diff

x86/ima: define arch_ima_get_secureboot

Distros are concerned about totally disabling the kexec_load syscall.
As a compromise, the kexec_load syscall will only be disabled when
CONFIG_KEXEC_VERIFY_SIG is configured and the system is booted with
secureboot enabled.

This patch defines the new arch specific function called
arch_ima_get_secureboot() to retrieve the secureboot state of the system.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Suggested-by: Seth Forshee <seth.forshee@canonical.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

arch/x86/kernel/Makefile		diff \| blob \| history
arch/x86/kernel/ima_arch.c	[new file with mode: 0644]	blob
include/linux/ima.h		diff \| blob \| history