Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp5383973imb; Thu, 7 Mar 2019 14:30:01 -0800 (PST) X-Google-Smtp-Source: APXvYqxx0IMzsbbbI4Mc0fo+r/e9MtPlaYhLiYhU0d6+qxiK+6uZNnPr777caxVEevnlwAnp3NVk X-Received: by 2002:a63:ea52:: with SMTP id l18mr13669562pgk.317.1551997801836; Thu, 07 Mar 2019 14:30:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551997801; cv=none; d=google.com; s=arc-20160816; b=U4d3F/V0Cfg+Dh02USO+1CtQYqm3+bLFPrI6R1fvYghAUG0+7w+NrKJw2JnAlfc8nt MJCo3vUrCrA3EAz1WZtGSfiyuHJHyoIpNP9r1GV5dJhsh9vi2MvQG04UwSHuR8uiJLfQ BphYUkRxB8DJMIBKHFjasA/pJOksmDzT9xNB0dg9r1CcAuSLzNVQTm+oGIGSJkFbCh6Q Ek/cb9tVQ4cpEqVyW7vHELYJg9edOEGjN1C0+/bvxjXtcfokf2lHWCzmLlylbaQWysGD X27uruP+bKaLfznWRkaGi9PohTT3OFrm7sm90yZTlvHyTjaSdf+cjO+UjK0plhUWIpHs y1TQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=vNxJ3foSkA4SZkqYFT+UIjdNLs58toH+QOhrzUMtpYc=; b=lsKLlNTCUrqwElVmpCCrjPasOrFz25upCVrUvjh/N0a6xssIxRXqdAPpbf4L0/yf04 vOQ5Y277nveozYLYTQemX+o1KkXLlizdJ4BL2Q7BcB0nbc5relX7gx0sG3nkFGDItF6i itk99Jnj8vWulWtYCm1I3yXOjCQ95w4S+29hsZs1mLJjuiN8s7z4KQug/UPSR8QGzu8t kW+wLEaWZvYnGcdMP4UglOw/pgBECIeCN8YpOESB07MB9n21YGK9dHRN/P5JdZFgO45y 9aZD5z8D6hy4Qer4ZShwJHfK32zKjux8aT1jqTFqEXXaYPfMLbK8mhuymZwwEH6DDF3M vUfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Vgo0ZuHf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e2si4851664pgm.568.2019.03.07.14.29.46; Thu, 07 Mar 2019 14:30:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Vgo0ZuHf; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726305AbfCGW3E (ORCPT + 99 others); Thu, 7 Mar 2019 17:29:04 -0500 Received: from mail-it1-f196.google.com ([209.85.166.196]:52130 "EHLO mail-it1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726242AbfCGW3E (ORCPT ); Thu, 7 Mar 2019 17:29:04 -0500 Received: by mail-it1-f196.google.com with SMTP id e24so17991344itl.1 for ; Thu, 07 Mar 2019 14:29:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vNxJ3foSkA4SZkqYFT+UIjdNLs58toH+QOhrzUMtpYc=; b=Vgo0ZuHfZ0CQsRUYsH9bmQmCVMGzvvZf0zYxZGh9TjXtesRrpqj9H3qW4qnYrCCU3F 9GR73nxfrpQeuIdnF1OXEhLvB96J/rQvI9isT5i5FStkanUr3Sw1NTwbJOJVOTcdSM7x ebCNzVAQKuF3/ZkmlMStUgUt69BxOzeHEz3CQi5ka+Z0QyqHiEocp19IzRsfPqz8ocv1 z7maRj2F+vV5Awf/vysGKYj5R8OXYSjQ8fNuGJX/9JX1XNi6DVJoRkzXnLlAtNKaHZBT UYfTVmCwehNQ9pQamd6ylSMkfpla/ILa5FZJFoPEfm3T0BUx+8VP9StX5o9BW5RedRaf 7QPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vNxJ3foSkA4SZkqYFT+UIjdNLs58toH+QOhrzUMtpYc=; b=aPrY5VpcrucU8Fcinfkj1zdoMeXyheto2w0FWUkUY5/HBbY5/eDAd9mpayKwiK5VoQ rhifRGKhBO4RQzR2C+x2gCcdYNdK6wIGU0aFh03mXHKqC42ue4lyA8qN9f7pKqx6z6BL 8NNT9isLcUgmjdG1XB7tWPIyR/vsvdNPp9eFpkDh6jVv5EAX/V1CWMD9tQ4K0Vwokepc 5f2BQ4s1txeq8TlFzFwncBBkMdOVZHGJC2gp46ifNw+V0DQegfczapLwsVtM9irX8evT fLMnCjZkQHhmH8C0VDmDUECz3QJrJox5Z0nv9kpTGYFCz9n/hcibDqFZM0DdFzqTqX4y UzRQ== X-Gm-Message-State: APjAAAXfZppxInbQ2MZq5rW9IfYgvPHUxxTJVu/QNAOlNSonVpkLCGWH peLqlp1C50xasklsJt3WlkC1FQHqPrzREIxhArZr7g== X-Received: by 2002:a02:76c2:: with SMTP id z185mr8696301jab.102.1551997742985; Thu, 07 Mar 2019 14:29:02 -0800 (PST) MIME-Version: 1.0 References: <1542657371-7019-1-git-send-email-zohar@linux.ibm.com> <1542657371-7019-4-git-send-email-zohar@linux.ibm.com> In-Reply-To: <1542657371-7019-4-git-send-email-zohar@linux.ibm.com> From: Matthew Garrett Date: Thu, 7 Mar 2019 14:28:52 -0800 Message-ID: Subject: Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode To: Mimi Zohar Cc: linux-integrity , LSM List , linux-efi , Linux Kernel Mailing List , David Howells , jforbes@redhat.com, Seth Forshee , kexec@lists.infradead.org, Nayna Jain Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 19, 2018 at 11:57 AM Mimi Zohar wrote: > > The secure boot mode may not be detected on boot for some reason (eg. > buggy firmware). This patch attempts one more time to detect the > secure boot mode. Do we have cases where this has actually been seen? I'm not sure what the circumstances are that would result in this behaviour.