aboutsummaryrefslogtreecommitdiff
path: root/arch/x86/kernel
diff options
context:
space:
mode:
authorLinus Torvalds2019-05-31 11:08:44 -0700
committerLinus Torvalds2019-05-31 11:08:44 -0700
commitd266b3f5cac09434eb624af202f9a31307b34a88 (patch)
treed773c0a422644c9e1e91fc2d89db898e4b4e956a /arch/x86/kernel
parent8164c5719b864da3bcfee97ad8af8cfd7ee5ad8c (diff)
parent8cdc23a3d9ec0944000ad43bad588e36afdc38cd (diff)
Merge branch 'next-fixes-for-5.2-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem fixes from Mimi Zohar: "Four bug fixes, none 5.2-specific, all marked for stable. The first two are related to the architecture specific IMA policy support. The other two patches, one is related to EVM signatures, based on additional hash algorithms, and the other is related to displaying the IMA policy" * 'next-fixes-for-5.2-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: show rules with IMA_INMASK correctly evm: check hash algorithm passed to init_desc() ima: fix wrong signed policy requirement when not appraising x86/ima: Check EFI_RUNTIME_SERVICES before using
Diffstat (limited to 'arch/x86/kernel')
-rw-r--r--arch/x86/kernel/ima_arch.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/x86/kernel/ima_arch.c b/arch/x86/kernel/ima_arch.c
index 85de790583f9..64b973f0e985 100644
--- a/arch/x86/kernel/ima_arch.c
+++ b/arch/x86/kernel/ima_arch.c
@@ -18,6 +18,11 @@ static enum efi_secureboot_mode get_sb_mode(void)
size = sizeof(secboot);
+ if (!efi_enabled(EFI_RUNTIME_SERVICES)) {
+ pr_info("ima: secureboot mode unknown, no efi\n");
+ return efi_secureboot_mode_unknown;
+ }
+
/* Get variable contents into buffer */
status = efi.get_variable(efi_SecureBoot_name, &efi_variable_guid,
NULL, &size, &secboot);