Ard Biesheuvel <ard.biesheu...@linaro.org> wrote:
> > + if (IS_ENABLED(CONFIG_EFI)) {
>
> Shouldn't this be a runtime check?Interesting question. The original patch I was working from had a #ifdef here. Possibly it doesn't need to be there at all. We could rely entirely on the value of boot_params.secure_boot. David
