From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751252AbdBCQ1r (ORCPT ); Fri, 3 Feb 2017 11:27:47 -0500 Received: from mx1.redhat.com ([209.132.183.28]:58556 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751208AbdBCQ1n (ORCPT ); Fri, 3 Feb 2017 11:27:43 -0500 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: References: <148587558696.4026.16034622623568539004.stgit@warthog.procyon.org.uk> <148587565838.4026.2835771993519594392.stgit@warthog.procyon.org.uk> <13280.1486138918@warthog.procyon.org.uk> To: Ard Biesheuvel Cc: dhowells@redhat.com, Matt Fleming , "linux-efi@vger.kernel.org" , "linux-kernel@vger.kernel.org" , linux-security-module , keyrings@vger.kernel.org, "linux-arm-kernel@lists.infradead.org" Subject: Re: [PATCH 7/7] efi: Print the secure boot status in x86 setup_arch() [ver #7] MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <13530.1486139256.1@warthog.procyon.org.uk> Date: Fri, 03 Feb 2017 16:27:36 +0000 Message-ID: <13531.1486139256@warthog.procyon.org.uk> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Fri, 03 Feb 2017 16:27:39 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Ard Biesheuvel wrote: > Yes, but only if you are booting via UEFI, no? Why limit it so? Even if you don't boot via UEFI, the bootloader/kexec can always set the secure-boot state on. > So perhaps use efi_enabled(EFI_BOOT) instead? I've no objection to that, given it incorporates a test of CONFIG_EFI. David