diff options
| author | Ard Biesheuvel <[email protected]> | 2020-10-13 10:18:04 +0200 |
|---|---|---|
| committer | Mimi Zohar <[email protected]> | 2020-11-02 14:19:01 -0500 |
| commit | b000d5cb954fe25ac1ea929ae6da321033ace927 (patch) | |
| tree | a062e8d69d89dca1e185bbb0cd417073a29d4fdd /tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/Util.py | |
| parent | 3cea11cd5e3b00d91caf0b4730194039b45c5891 (diff) | |
ima: defer arch_ima_get_secureboot() call to IMA init time
Chester reports that it is necessary to introduce a new way to pass
the EFI secure boot status between the EFI stub and the core kernel
on ARM systems. The usual way of obtaining this information is by
checking the SecureBoot and SetupMode EFI variables, but this can
only be done after the EFI variable workqueue is created, which
occurs in a subsys_initcall(), whereas arch_ima_get_secureboot()
is called much earlier by the IMA framework.
However, the IMA framework itself is started as a late_initcall,
and the only reason the call to arch_ima_get_secureboot() occurs
so early is because it happens in the context of a __setup()
callback that parses the ima_appraise= command line parameter.
So let's refactor this code a little bit, by using a core_param()
callback to capture the command line argument, and deferring any
reasoning based on its contents to the IMA init routine.
Cc: Chester Lin <[email protected]>
Cc: Dmitry Kasatkin <[email protected]>
Cc: James Morris <[email protected]>
Cc: "Serge E. Hallyn" <[email protected]>
Link: https://lore.kernel.org/linux-arm-kernel/[email protected]/
Signed-off-by: Ard Biesheuvel <[email protected]>
Reported-by: kernel test robot <[email protected]> [missing core_param()]
[[email protected]: included linux/module.h]
Tested-by: Chester Lin <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/Util.py')
0 files changed, 0 insertions, 0 deletions