summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorNayna Jain <nayna@linux.ibm.com>2020-03-09 03:57:51 +0300
committerMimi Zohar <zohar@linux.ibm.com>2020-03-12 14:43:57 +0300
commit9e2b4be377f0d715d9d910507890f9620cc22a9d (patch)
treeb837793b54687af1ab19e7957833182399ff3d7d /include
parent96c82175d13879a0d465429419451eaad6e21258 (diff)
downloadlinux-9e2b4be377f0d715d9d910507890f9620cc22a9d.tar.xz
ima: add a new CONFIG for loading arch-specific policies
Every time a new architecture defines the IMA architecture specific functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMA include file needs to be updated. To avoid this "noise", this patch defines a new IMA Kconfig IMA_SECURE_AND_OR_TRUSTED_BOOT option, allowing the different architectures to select it. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Nayna Jain <nayna@linux.ibm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Philipp Rudo <prudo@linux.ibm.com> (s390) Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'include')
-rw-r--r--include/linux/ima.h3
1 files changed, 1 insertions, 2 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 1659217e9b60..aefe758f4466 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -30,8 +30,7 @@ extern void ima_kexec_cmdline(const void *buf, int size);
extern void ima_add_kexec_buffer(struct kimage *image);
#endif
-#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \
- || defined(CONFIG_PPC_SECURE_BOOT)
+#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else