On Fri, Feb 13, 2026 at 09:28:46AM +0800, Coiby Xu wrote:
> EVM and other LSMs need the ability to query the secure boot status of
> the system, without directly calling the IMA arch_ima_get_secureboot
> function. Refactor the secure boot status check into a general function
> named arch_get_secureboot.
>
> Reported-and-suggested-by: Mimi Zohar <[email protected]>
> Suggested-by: Roberto Sassu <[email protected]>
> Signed-off-by: Coiby Xu <[email protected]>
> ---
> MAINTAINERS | 1 +
> arch/powerpc/kernel/ima_arch.c | 5 --
> arch/powerpc/kernel/secure_boot.c | 6 ++
> arch/s390/kernel/ima_arch.c | 6 --
> arch/s390/kernel/ipl.c | 5 ++
> arch/x86/include/asm/efi.h | 4 +-
> arch/x86/platform/efi/efi.c | 2 +-
> include/linux/ima.h | 7 +--
> include/linux/secure_boot.h | 19 +++++++
> security/integrity/Makefile | 3 +-
> security/integrity/efi_secureboot.c | 56 +++++++++++++++++++
> security/integrity/ima/ima_appraise.c | 2 +-
> security/integrity/ima/ima_efi.c | 47 +---------------
> security/integrity/ima/ima_main.c | 3 +-
> security/integrity/integrity.h | 1 +
> security/integrity/platform_certs/load_uefi.c | 2 +-
> security/integrity/secure_boot.c | 16 ++++++
> 17 files changed, 115 insertions(+), 70 deletions(-)
> create mode 100644 include/linux/secure_boot.h
> create mode 100644 security/integrity/efi_secureboot.c
> create mode 100644 security/integrity/secure_boot.c
This triggers a warning on s390:
arch/s390/kernel/ipl.c:2507:6: warning: no previous prototype for
‘arch_get_secureboot’ [-Wmissing-prototypes]
2507 | bool arch_get_secureboot(void)
| ^~~~~~~~~~~~~~~~~~~
@Mimi: could you please squash this fixup into the offending commit,
or pick it up separately?
Vasily Gorbik (1):
s390/ipl: Fix missing arch_get_secureboot() prototype warning
arch/s390/kernel/ipl.c | 1 +
1 file changed, 1 insertion(+)
--
2.53.0
