On Thu, 2026-01-15 at 08:43 +0800, Coiby Xu wrote: > EVM and other LSMs need the ability to query the secure boot status of > the system, without directly calling the IMA arch_ima_get_secureboot > function. Refactor the secure boot status check into a general, > integrity-wide function named arch_integrity_get_secureboot. > > Define a new Kconfig option CONFIG_INTEGRITY_SECURE_BOOT, which is > automatically configured by the supported architectures. The existing > IMA_SECURE_AND_OR_TRUSTED_BOOT Kconfig loads the architecture specific > IMA policy based on the refactored secure boot status code. > > Reported-and-suggested-by: Mimi Zohar <[email protected]> > Suggested-by: Roberto Sassu <[email protected]> > Signed-off-by: Coiby Xu <[email protected]>
Thanks, Coiby! Reviewed-by: Mimi Zohar <[email protected]>
