lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <79185163-bf8f-4490-9396-3fd73b7a0c73@intel.com>
Date: Mon, 19 Jan 2026 10:44:08 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Mimi Zohar <zohar@...ux.ibm.com>, Ard Biesheuvel <ardb@...nel.org>
Cc: Coiby Xu <coxu@...hat.com>, linux-integrity@...r.kernel.org,
 Heiko Carstens <hca@...ux.ibm.com>,
 Roberto Sassu <roberto.sassu@...weicloud.com>,
 Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>,
 Madhavan Srinivasan <maddy@...ux.ibm.com>,
 Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>,
 "Christophe Leroy (CS GROUP)" <chleroy@...nel.org>,
 Vasily Gorbik <gor@...ux.ibm.com>, Alexander Gordeev
 <agordeev@...ux.ibm.com>, Christian Borntraeger <borntraeger@...ux.ibm.com>,
 Sven Schnelle <svens@...ux.ibm.com>, Thomas Gleixner <tglx@...utronix.de>,
 Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
 Dave Hansen <dave.hansen@...ux.intel.com>,
 "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
 "H. Peter Anvin" <hpa@...or.com>, Roberto Sassu <roberto.sassu@...wei.com>,
 Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
 Eric Snowberg <eric.snowberg@...cle.com>, Paul Moore <paul@...l-moore.com>,
 James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
 Jarkko Sakkinen <jarkko@...nel.org>,
 "moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)"
 <linux-arm-kernel@...ts.infradead.org>,
 open list <linux-kernel@...r.kernel.org>,
 "open list:LINUX FOR POWERPC (32-BIT AND 64-BIT)"
 <linuxppc-dev@...ts.ozlabs.org>,
 "open list:S390 ARCHITECTURE" <linux-s390@...r.kernel.org>,
 "open list:EXTENSIBLE FIRMWARE INTERFACE (EFI)" <linux-efi@...r.kernel.org>,
 "open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>,
 "open list:KEYS/KEYRINGS_INTEGRITY" <keyrings@...r.kernel.org>
Subject: Re: [PATCH 1/3] integrity: Make arch_ima_get_secureboot
 integrity-wide

On 1/18/26 10:25, Mimi Zohar wrote:
> As not all arch's implement arch_integrity_get_secureboot, the definition in
> include/linux/integrity.h would need to be updated.  Something like:
> 
> -#ifdef CONFIG_INTEGRITY_SECURE_BOOT
> +#if (defined(CONFIG_INTEGRITY_SECURE_BOOT) && \
> +       (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \
> +        || defined(CONFIG_PPC_SECURE_BOOT))
> 
> Then IMA_SECURE_AND_OR_TRUSTED_BOOT and EVM could select INTEGRITY_SECURE_BOOT,
> as suggested.

This seems to be going a wee bit sideways. :)

This kind of CONFIG complexity really should be left to Kconfig. C
macros really aren't a great place to do it.

The other idiom we use a lot is this in generic code:

#ifndef arch_foo
static inline void arch_foo(void) {}
#endif

Then all you have to do is make sure the arch header that #defines it is
included before the generic code. I'm not a super huge fan of these
because it can be hard to tell (for humans at least) _if_ the
architecture has done the #define.

But it sure beats that #ifdef maze.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ