[PATCH v4 0/3] wire up IMA secure boot for arm64

Ard Biesheuvel ardb at kernel.org
Wed Nov 4 13:50:26 EST 2020


On Wed, 4 Nov 2020 at 19:20, Mimi Zohar <zohar at linux.ibm.com> wrote:
>
> Hi Ard, Chester,
>
> On Mon, 2020-11-02 at 23:37 +0100, Ard Biesheuvel wrote:
> > This is a follow-up to Chester's series [0] to enable IMA to the secure
> > boot state of arm64 platforms, which is EFI based.
> >
> > This v4 implements the changes I suggested to Chester, in particular:
> > - disregard MokSbState when factoring out secure boot mode discovery
> > - turn the x86 IMA arch code into shared code for all architectures.
> >
> > This reduces the final patch to a one liner enabling a Kconfig option
> > for arm64 when EFI is enabled.
> >
> > Build tested only.
>
> Thank you!  This patch set is now queued in the linux-integrity next-
> integrity-testing branch.
>

I don't mind per se, but this touches a number of different trees,
including x86 and arm64, and nobody has acked it yet.

As far as the EFI tree is concerned, it looks like I should be able to
avoid any conflicts with other stuff that is in flight, and if not, we
can always use your branch up until the last patch in this serires as
a shared tag (assuming you won't rebase it).



More information about the linux-arm-kernel mailing list