x86/ima: define arch_get_ima_policy() for x86

	else

		return false;

}

/* secureboot arch rules */

static const char * const sb_arch_rules[] = {

#if !IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG)

	"appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig",

#endif /* CONFIG_KEXEC_VERIFY_SIG */

	"measure func=KEXEC_KERNEL_CHECK",

	NULL

};

const char * const *arch_get_ima_policy(void)

{

	if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot())

		return sb_arch_rules;

	return NULL;

}

#ifdef CONFIG_X86

extern bool arch_ima_get_secureboot(void);

extern const char * const *arch_get_ima_policy(void);

#else

static inline bool arch_ima_get_secureboot(void)

{

	return false;

}

#endif

static inline const char * const *arch_get_ima_policy(void)

{

	return NULL;

}

#endif

#else

static inline int ima_bprm_check(struct linux_binprm *bprm)

	  <http://linux-ima.sourceforge.net>

	  If unsure, say N.

config IMA_ARCH_POLICY

        bool "Enable loading an IMA architecture specific policy"

        depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS

        default n

        help

          This option enables loading an IMA architecture specific policy

          based on run time secure boot flags.

config IMA_APPRAISE_BUILD_POLICY

	bool "IMA build time configured policy rules"

	depends on IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS

config IMA_APPRAISE_BOOTPARAM

	bool "ima_appraise boot parameter"

	depends on IMA_APPRAISE

	depends on IMA_APPRAISE && !IMA_ARCH_POLICY

	default y

	help

	  This option enables the different "ima_appraise=" modes