From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1763954AbdAKPB5 (ORCPT <rfc822;w@1wt.eu>);
        Wed, 11 Jan 2017 10:01:57 -0500
Received: from mail-wj0-f179.google.com ([209.85.210.179]:33684 "EHLO
        mail-wj0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1763928AbdAKPBx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Jan 2017 10:01:53 -0500
Date: Wed, 11 Jan 2017 15:01:50 +0000
From: Matt Fleming <matt@codeblueprint.co.uk>
To: David Howells <dhowells@redhat.com>
Cc: ard.biesheuvel@linaro.org, linux-efi@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org,
        keyrings@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 0/8] efi: Pass secure boot mode to kernel [ver #6]
Message-ID: <20170111150150.GC29649@codeblueprint.co.uk>
References: <148120020832.5854.5448601415491330495.stgit@warthog.procyon.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <148120020832.5854.5448601415491330495.stgit@warthog.procyon.org.uk>
User-Agent: Mutt/1.5.24+41 (02bc14ed1569) (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 08 Dec, at 12:30:08PM, David Howells wrote:
> 
> Here's a set of patches that can determine the secure boot state of the
> UEFI BIOS and pass that along to the main kernel image.  This involves
> generalising ARM's efi_get_secureboot() function and making it mixed-mode
> safe.

This version looks OK to me apart from the couple of comments I made.

Ard, did you take a look? In particular some boot testing on ARM/arm64
would be useful. x86 boots fine in both regular and mixed mode but
I've only tested without Secure Boot enabled.