From: Ard Biesheuvel <ardb@kernel.org>
Date: Thu, 23 Jan 2020 13:09:35 +0100
Subject: x86/ima: Use EFI GetVariable only when available
Patch-mainline: v5.7-rc1
Git-commit: 9a440391b560347bf5ee7cb96b63e7e91cedf66a
References: bsc#1174029, bsc#1174110, bsc#1174111
Replace the EFI runtime services check with one that tells us whether
EFI GetVariable() is implemented by the firmware.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
arch/x86/kernel/ima_arch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kernel/ima_arch.c
+++ b/arch/x86/kernel/ima_arch.c
@@ -19,7 +19,7 @@ static enum efi_secureboot_mode get_sb_m
size = sizeof(secboot);
- if (!efi_enabled(EFI_RUNTIME_SERVICES)) {
+ if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
pr_info("ima: secureboot mode unknown, no efi\n");
return efi_secureboot_mode_unknown;
}