Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934917AbcKWKH6 (ORCPT ); Wed, 23 Nov 2016 05:07:58 -0500 Received: from mx1.redhat.com ([209.132.183.28]:52794 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934244AbcKWKHm (ORCPT ); Wed, 23 Nov 2016 05:07:42 -0500 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: <20161123092735.GA2071@wunner.de> References: <20161123092735.GA2071@wunner.de> <147986054870.13790.8640536414645705863.stgit@warthog.procyon.org.uk> <147986059202.13790.3471243422582131819.stgit@warthog.procyon.org.uk> To: Lukas Wunner Cc: dhowells@redhat.com, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Josh Boyer , keyrings@vger.kernel.org Subject: Re: [PATCH 6/6] efi: Add EFI_SECURE_BOOT bit [ver #2] MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <3709.1479895641.1@warthog.procyon.org.uk> Date: Wed, 23 Nov 2016 10:07:21 +0000 Message-ID: <3710.1479895641@warthog.procyon.org.uk> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Wed, 23 Nov 2016 10:07:28 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 780 Lines: 28 Lukas Wunner wrote: > > +#ifdef CONFIG_EFI > > + if (boot_params.secure_boot) { > > + set_bit(EFI_SECURE_BOOT, &efi.flags); > > + pr_info("Secure boot enabled\n"); > > + } > > +#endif > > + > > Section 20 of Documentation/CodingStyle recommends IS_ENABLED() > instead of #ifdef. The problem is this: arch/x86/include/asm/bitops.h:75: undefined reference to `efi' To quote section 20: "... Thus, you still have to use an #ifdef if the code inside the block references symbols that will not exist if the condition is not met." > Also, CONFIG_EFI_STUB might be more apt than CONFIG_EFI. Other stuff in the same function is contingent on CONFIG_EFI. EFI_STUB is to do with how the thing can be booted, I think - not whether EFI support is enabled. David