Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp5395746imb; Thu, 7 Mar 2019 14:52:23 -0800 (PST) X-Google-Smtp-Source: APXvYqwt5cCixaKpbhPqqjbfw8fg5adQpV8BOFUxfsL+uq+yJtLqL2KekFdRrxsEPDqrdmzKkp1P X-Received: by 2002:a17:902:e3:: with SMTP id a90mr14997579pla.45.1551999143839; Thu, 07 Mar 2019 14:52:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551999143; cv=none; d=google.com; s=arc-20160816; b=Jw/mkpa3VbDiWLABINh4DVx3OuU44VteWbimJtNyUkzC6wuqp5gpCE6VXCP3jxZ8OD GkNErNhU2XR1r/ag+zwsfOZgy/kuGzznNbyVlUkG+5iLv1SjooueiBk/mnLNI9f6zXfd 5X4Mne1xL1S7aH9WsLLZxlBWk8bIkfOHMWB9lKsObQ25lyAS5FAsqy1q+zKYDyzWsWWq vW9HGYsdODyzGwJS2Wn8MZCGSKc6x1GPNz/kthaPJqa+hSn87Vj7CXKG+fI3qStitRPt eCdiPutUNz2QX5T42+Qn73qqLIeuyk08inzmWClPuinco5xWYGjm/t3+5Sj8laKQwEuW KhGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=DW3OmDjGWwedSz9G2iefQb7Xjdr1IH5ANFqID9HoAao=; b=KpkJ8V/wuuRrFdw3aFuSSCu8QoxzWN7bZ+2nPfJ3WiT8y2mhZJ6/cK1kaGXXOoIjlH kQCrC8sYlwRU+snVbHDnrw1OM0c8G61JBs+/1UqbnBoMNjq5WkHKOd3KvXwkojxnkKd3 HGKISJqKqoFyxzAJjOnsdhHRsyLDkBw1gdFsUd+MBKW7YpRB1f0newMiIQxDODTubcg0 ral9sunj+NTbojJbKgTSY5jGXoVugf45cAnPX6+Eu+5o6dRj8IJWllfqMj3NbTZ6RrGf byR9yCTkTyz66uGLSfSTsbM9qzNUSM6nLrr8Ew+nx+bA/Irht1KgdesEqvuSVzuSxn9i q4Xw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eDdhp1UJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a15si4894386pgg.560.2019.03.07.14.52.08; Thu, 07 Mar 2019 14:52:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=eDdhp1UJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726297AbfCGWu3 (ORCPT + 99 others); Thu, 7 Mar 2019 17:50:29 -0500 Received: from mail-it1-f182.google.com ([209.85.166.182]:37222 "EHLO mail-it1-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726243AbfCGWu3 (ORCPT ); Thu, 7 Mar 2019 17:50:29 -0500 Received: by mail-it1-f182.google.com with SMTP id z124so18575578itc.2 for ; Thu, 07 Mar 2019 14:50:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DW3OmDjGWwedSz9G2iefQb7Xjdr1IH5ANFqID9HoAao=; b=eDdhp1UJUjTSPr1TI5E/ORgd/pTC9FzmBTrOjMfYX9PgXUWp20iVfQgw/KNqyFBG4I qZXbwtk+Q/Fp13N9f8i+WRvSuF1ZfIWI2KSpysNNfGaj0cpAikT0xZRhd2wVynN/0mbp WufKxmEIFIT8jO5CXTWlTvKLpAhuHWgR0uIzHntJ3tpHqCJQYvO9F+E4F729Q0czKfOP YNfjCPD6E3QLQjsQMFCN6LHBg0FLLUNa2qVjNjpzD/9dOo3r5POEXCWSG81wBKB0Uqj9 P3pEnzNZhu6ZUXY+9FHdtgRWBB6DZJSYx/wSOD9IBGugFvzpbH+zj4VsLGd/UxDdV/v9 BQyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DW3OmDjGWwedSz9G2iefQb7Xjdr1IH5ANFqID9HoAao=; b=Svw/rpT57wGQC/jd6BKt5T7hsu2sdKXnb2bC79CHXVHGp1A47udWrf2MfhbcwBgmUj 28GHDAIbqUVawlQ3bWHWtCgbyrT6AtVYrdpBFnVxuyLTN0OmILxTR0BkCTgkE5JN/62W yrJmcz7eKo/TKXr1dOMbLHKFfunT1aNUWmygUW7gB8klX+hFFwH+GU1ELTuTgbtrDKpM f9z2weSAcxCVs+OLeUESxE2+1V1TIP0sD0NrwOLxqE5I/NqPJ7obMcjQpQUYY2RoO6+W g/yGqcaq4jx4MAwrvMO8NLXqX5pwrAWEnm0FHt2K88I0LYxLELsjeoyct+tbH7EbhqPH Vbag== X-Gm-Message-State: APjAAAWkqLCx9whv65mkIJRlPbQlpIzt/npt9tUDogEYdXnPO+9qiExE MdCoH6sPSjUYNmH08IQh0L5dVYvVmrvJAkxBx7sy+4sbL7A= X-Received: by 2002:a24:43d1:: with SMTP id s200mr6689500itb.118.1551999027976; Thu, 07 Mar 2019 14:50:27 -0800 (PST) MIME-Version: 1.0 References: <1542657371-7019-1-git-send-email-zohar@linux.ibm.com> <1542657371-7019-4-git-send-email-zohar@linux.ibm.com> <1551998897.31706.461.camel@linux.ibm.com> In-Reply-To: <1551998897.31706.461.camel@linux.ibm.com> From: Matthew Garrett Date: Thu, 7 Mar 2019 14:50:17 -0800 Message-ID: Subject: Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode To: Mimi Zohar Cc: Justin Forbes , linux-integrity , LSM List , linux-efi , Linux Kernel Mailing List , David Howells , Seth Forshee , kexec@lists.infradead.org, Nayna Jain Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 7, 2019 at 2:48 PM Mimi Zohar wrote: > I added this last attempt because I'm seeing this on my laptop, with > some older, buggy firmware. Is the issue that it gives incorrect results on the first read, or is the issue that it gives incorrect results before ExitBootServices() is called? If the former then we should read twice in the boot stub, if the latter then we should figure out a way to do this immediately after ExitBootServices() instead.