Re: [PATCH 3/3] x86/ima: retry detecting secure boot mode

From: Matthew Garrett
Date: Thu Mar 07 2019 - 17:50:31 EST


On Thu, Mar 7, 2019 at 2:48 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> I added this last attempt because I'm seeing this on my laptop, with
> some older, buggy firmware.

Is the issue that it gives incorrect results on the first read, or is
the issue that it gives incorrect results before ExitBootServices() is
called? If the former then we should read twice in the boot stub, if
the latter then we should figure out a way to do this immediately
after ExitBootServices() instead.