From: Ard Biesheuvel
Date: Wed, 3 Jan 2024 14:11:40 +0100
Subject: Re: [PATCH v2 2/3] arch/x86: Add for arch_ima_efi_boot_mode
To: Thomas Zimmermann
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
    dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
    bhelgaas@google.com, arnd@arndb.de, zohar@linux.ibm.com,
    dmitry.kasatkin@gmail.com, paul@paul-moore.com, jmorris@namei.org,
    serge@hallyn.com, javierm@redhat.com, linux-arch@vger.kernel.org,
    linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
    linux-pci@vger.kernel.org, linux-integrity@vger.kernel.org,
    linux-security-module@vger.kernel.org

On Tue, 2 Jan 2024 at 15:07, Thomas Zimmermann wrote:
>
> Hi Ard
>
> On 19.12.23 at 12:38, Ard Biesheuvel wrote:
> > Hi Thomas,
> >
> > On Fri, 15 Dec 2023 at 13:26, Thomas Zimmermann wrote:
> >>
> >> The header file contains the macro arch_ima_efi_boot_mode,
> >> which expands to use struct boot_params from . Many
> >> drivers include , but do not use boot parameters. Changes
> >> to bootparam.h or its included headers can easily trigger large,
> >> unnecessary rebuilds of the kernel.
> >>
> >> Moving x86's arch_ima_efi_boot_mode to and including
> >> separates that dependency from the rest of the EFI
> >> interfaces. The only user is in ima_efi.c. As the file already declares
> >> a default value for arch_ima_efi_boot_mode, move this define into
> >> asm-generic for all other architectures.
> >>
> >> With arch_ima_efi_boot_mode removed from efi.h, can
> >> later be removed from further x86 header files.
> >>
> >
> > Apologies if I missed this in v1 but is the new asm-generic header
> > really necessary? Could we instead turn arch_ima_efi_boot_mode into a
> > function that is a static inline { return unset; } by default, but can
> > be emitted out of line in one of the x86/platform/efi.c source files,
> > where referring to boot_params is fine?
>
> I cannot figure out how to do this without *something* in asm-generic or
> adding if-CONFIG_X86 guards in ima-efi.c.
>
> But I noticed that linux/efi.h already contains 2 or 3 ifdef branches
> for x86. Would it be an option to move this code into asm/efi.h
> (including a header file in asm-generic for the non-x86 variants) and
> add the arch_ima_efi_boot_mode() helper there as well? At least that
> wouldn't be a header for only a single define.
>

Could we just move the x86 implementation out of line? So something
like this in arch/x86/include/asm/efi.h

    enum efi_secureboot_mode x86_ima_efi_boot_mode(void);

    #define arch_ima_efi_boot_mode x86_ima_efi_boot_mode()

and an implementation in one of the related .c files:

    enum efi_secureboot_mode x86_ima_efi_boot_mode(void)
    {
            return boot_params.secure_boot;
    }

?
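
Added example, not part of the original e-mail or the kernel tree: a user-space C mock of the out-of-line arrangement proposed above, laid out so that the consumer of arch_ima_efi_boot_mode compiles before struct boot_params is even defined. The enumerators other than "unset", the query_firmware() stand-in, ima_secureboot_enabled() and the one-field struct boot_params are assumptions made for the illustration.

```c
/* User-space mock built for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

/* Generic EFI header part. Enumerators besides "unset" are assumed. */
enum efi_secureboot_mode {
	efi_secureboot_mode_unset,
	efi_secureboot_mode_unknown,
	efi_secureboot_mode_disabled,
	efi_secureboot_mode_enabled,
};

/* arch/x86/include/asm/efi.h part: a prototype, no struct layout. */
enum efi_secureboot_mode x86_ima_efi_boot_mode(void);
#define arch_ima_efi_boot_mode x86_ima_efi_boot_mode()

/* Consumer part (the ima_efi.c role); default used by other arches. */
#ifndef arch_ima_efi_boot_mode
#define arch_ima_efi_boot_mode efi_secureboot_mode_unset
#endif

/* Hypothetical stand-in for asking the firmware at run time. */
static enum efi_secureboot_mode mock_firmware_mode = efi_secureboot_mode_disabled;
static enum efi_secureboot_mode query_firmware(void) { return mock_firmware_mode; }

bool ima_secureboot_enabled(void)
{
	enum efi_secureboot_mode mode = arch_ima_efi_boot_mode;

	if (mode == efi_secureboot_mode_unset)	/* arch gave no answer */
		mode = query_firmware();
	/* unknown and disabled both count as "not enabled" */
	return mode == efi_secureboot_mode_enabled;
}

/* x86 .c file part: the only code that needs struct boot_params. */
struct boot_params { unsigned char secure_boot; /* other fields omitted */ };
struct boot_params boot_params;

enum efi_secureboot_mode x86_ima_efi_boot_mode(void)
{
	return boot_params.secure_boot;
}

int main(void)
{
	boot_params.secure_boot = efi_secureboot_mode_enabled;
	printf("secure boot enabled: %d\n", ima_secureboot_enabled());
	return 0;
}
```

Because the macro expands to a call rather than to a member access, only the translation unit that defines x86_ima_efi_boot_mode() has to see the boot parameter layout.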