x86/ima: Use EFI GetVariable only when available

Replace the EFI runtime services check with one that tells us whether
EFI GetVariable() is implemented by the firmware.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

diff --git a/arch/x86/kernel/ima_arch.c b/arch/x86/kernel/ima_arch.c
index 4d4f5d9faac314ad5fe5c21a05e72c873ec42d65..cb6ed616a543290ec8f7f3efaf4334c39f2b7b90 100644 (file)
--- a/arch/x86/kernel/ima_arch.c
+++ b/arch/x86/kernel/ima_arch.c
@@ -19,7 +19,7 @@ static enum efi_secureboot_mode get_sb_mode(void)
 
        size = sizeof(secboot);
 
-       if (!efi_enabled(EFI_RUNTIME_SERVICES)) {
+       if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
                pr_info("ima: secureboot mode unknown, no efi\n");
                return efi_secureboot_mode_unknown;
        }