git.ipfire.org Git - thirdparty/kernel/linux.git/commit
integrity: Make arch_ima_get_secureboot integrity-wide
author Coiby Xu <coxu@redhat.com>
Fri, 13 Feb 2026 01:28:46 +0000 (09:28 +0800)
committer Mimi Zohar <zohar@linux.ibm.com>
Thu, 5 Mar 2026 16:10:08 +0000 (11:10 -0500)
commit 31a6a07eefeb4c84bd6730fbe9e95fd9221712cf
tree 0e50de52df88419fa0f8005afa1109cb24fe5eec
parent 11439c4635edd669ae435eec308f4ab8a0804808

EVM and other LSMs need the ability to query the secure boot status of
the system, without directly calling the IMA arch_ima_get_secureboot
function. Refactor the secure boot status check into a general function
named arch_get_secureboot.

Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

17 files changed:
MAINTAINERS
arch/powerpc/kernel/ima_arch.c
arch/powerpc/kernel/secure_boot.c
arch/s390/kernel/ima_arch.c
arch/s390/kernel/ipl.c
arch/x86/include/asm/efi.h
arch/x86/platform/efi/efi.c
include/linux/ima.h
include/linux/secure_boot.h [new file with mode: 0644]
security/integrity/Makefile
security/integrity/efi_secureboot.c [new file with mode: 0644]
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_efi.c
security/integrity/ima/ima_main.c
security/integrity/integrity.h
security/integrity/platform_certs/load_uefi.c
security/integrity/secure_boot.c [new file with mode: 0644]