iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

x86/ima: Use EFI GetVariable only when available

Browse Source 
Replace the EFI runtime services check with one that tells us whether
EFI GetVariable() is implemented by the firmware.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
Ard Biesheuvel 2020-01-23 13:09:35 +01:00
parent 9b42f76ad5
commit 9a440391b5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
arch/x86/kernel/ima_arch.c
View File

@ -19,7 +19,7 @@ static enum efi_secureboot_mode get_sb_mode(void)
size = sizeof(secboot);
if (!efi_enabled(EFI_RUNTIME_SERVICES)) {
if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
pr_info("ima: secureboot mode unknown, no efi\n");
return efi_secureboot_mode_unknown;
}