From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751314AbdBCQ3u (ORCPT ); Fri, 3 Feb 2017 11:29:50 -0500 Received: from mail-it0-f45.google.com ([209.85.214.45]:35442 "EHLO mail-it0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750956AbdBCQ3s (ORCPT ); Fri, 3 Feb 2017 11:29:48 -0500 MIME-Version: 1.0 In-Reply-To: <13569.1486139355@warthog.procyon.org.uk> References: <148587558696.4026.16034622623568539004.stgit@warthog.procyon.org.uk> <148587565838.4026.2835771993519594392.stgit@warthog.procyon.org.uk> <13280.1486138918@warthog.procyon.org.uk> <13531.1486139256@warthog.procyon.org.uk> <13569.1486139355@warthog.procyon.org.uk> From: Ard Biesheuvel Date: Fri, 3 Feb 2017 16:29:47 +0000 Message-ID: Subject: Re: [PATCH 7/7] efi: Print the secure boot status in x86 setup_arch() [ver #7] To: David Howells Cc: Matt Fleming , "linux-efi@vger.kernel.org" , "linux-kernel@vger.kernel.org" , linux-security-module , keyrings@vger.kernel.org, "linux-arm-kernel@lists.infradead.org" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3 February 2017 at 16:29, David Howells wrote: > David Howells wrote: > >> Ard Biesheuvel wrote: >> >> > Yes, but only if you are booting via UEFI, no? >> >> Why limit it so? Even if you don't boot via UEFI, the bootloader/kexec can >> always set the secure-boot state on. >> >> > So perhaps use efi_enabled(EFI_BOOT) instead? >> >> I've no objection to that, given it incorporates a test of CONFIG_EFI. > > Feel free to just go ahead and change it in the patch. We can always take the > check out later. > Sure