]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
projects / thirdparty / kernel / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 11439c4) | patch
integrity: Make arch_ima_get_secureboot integrity-wide
authorCoiby Xu <coxu@redhat.com>
Fri, 13 Feb 2026 01:28:46 +0000 (09:28 +0800)
committerMimi Zohar <zohar@linux.ibm.com>
Thu, 5 Mar 2026 16:10:08 +0000 (11:10 -0500)
commit31a6a07eefeb4c84bd6730fbe9e95fd9221712cf
tree0e50de52df88419fa0f8005afa1109cb24fe5eectree | snapshot
parent11439c4635edd669ae435eec308f4ab8a0804808commit | diff
integrity: Make arch_ima_get_secureboot integrity-wide

EVM and other LSMs need the ability to query the secure boot status of
the system, without directly calling the IMA arch_ima_get_secureboot
function. Refactor the secure boot status check into a general function
named arch_get_secureboot.

Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
17 files changed:
MAINTAINERS diff | blob | blame | history
arch/powerpc/kernel/ima_arch.c diff | blob | blame | history
arch/powerpc/kernel/secure_boot.c diff | blob | blame | history
arch/s390/kernel/ima_arch.c diff | blob | blame | history
arch/s390/kernel/ipl.c diff | blob | blame | history
arch/x86/include/asm/efi.h diff | blob | blame | history
arch/x86/platform/efi/efi.c diff | blob | blame | history
include/linux/ima.h diff | blob | blame | history
include/linux/secure_boot.h [new file with mode: 0644] blob
security/integrity/Makefile diff | blob | blame | history
security/integrity/efi_secureboot.c [new file with mode: 0644] blob
security/integrity/ima/ima_appraise.c diff | blob | blame | history
security/integrity/ima/ima_efi.c diff | blob | blame | history
security/integrity/ima/ima_main.c diff | blob | blame | history
security/integrity/integrity.h diff | blob | blame | history
security/integrity/platform_certs/load_uefi.c diff | blob | blame | history
security/integrity/secure_boot.c [new file with mode: 0644] blob
A mirror of Linus' kernel repository