• Nayna Jain's avatar
    x86/ima: define arch_ima_get_secureboot · 0914ade2
    Nayna Jain authored
    Distros are concerned about totally disabling the kexec_load syscall.
    As a compromise, the kexec_load syscall will only be disabled when
    CONFIG_KEXEC_VERIFY_SIG is configured and the system is booted with
    secureboot enabled.
    
    This patch defines the new arch specific function called
    arch_ima_get_secureboot() to retrieve the secureboot state of the system.
    Signed-off-by: default avatarNayna Jain <nayna@linux.ibm.com>
    Suggested-by: default avatarSeth Forshee <seth.forshee@canonical.com>
    Cc: David Howells <dhowells@redhat.com>
    Cc: Eric Biederman <ebiederm@xmission.com>
    Cc: Peter Jones <pjones@redhat.com>
    Cc: Vivek Goyal <vgoyal@redhat.com>
    Cc: Dave Young <dyoung@redhat.com>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    0914ade2
ima.h 2.81 KB