[PATCH] integrity: Eliminate weak definition of arch_get_secureboot()
Nathan Chancellor
nathan at kernel.org
Thu Mar 12 20:55:33 UTC 2026
On Thu, Mar 12, 2026 at 12:07:41PM -0400, Mimi Zohar wrote:
> I pushed out the patch to next-integrity, but am a bit concerned about the
> definition:
>
> +config HAVE_ARCH_GET_SECUREBOOT
> + def_bool EFI
> +
What is concerning about the definition with regards to s390?
> Has anyone actually tested this patch on s390, not just compiled it? If so, I'd
> appreciate a tested-by tag.
It would be good to test (if it is possible to test in QEMU, I am happy
to attempt to do so). As far as I can tell, 31a6a07eefeb placed
arch_get_secureboot() in such a way that the __weak definition would be
used when CONFIG_KEXEC_FILE was disabled, even though ipl_secure_flag
should always be available, which this patch avoids.
Cheers,
Nathan
More information about the Linux-security-module-archive
mailing list