diff options
author | Nayna Jain <nayna@linux.ibm.com> | 2020-03-09 03:57:51 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2020-03-12 14:43:57 +0300 |
commit | 9e2b4be377f0d715d9d910507890f9620cc22a9d (patch) | |
tree | b837793b54687af1ab19e7957833182399ff3d7d /include | |
parent | 96c82175d13879a0d465429419451eaad6e21258 (diff) | |
download | linux-9e2b4be377f0d715d9d910507890f9620cc22a9d.tar.xz |
ima: add a new CONFIG for loading arch-specific policies
Every time a new architecture defines the IMA architecture specific
functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMA
include file needs to be updated. To avoid this "noise", this patch
defines a new IMA Kconfig IMA_SECURE_AND_OR_TRUSTED_BOOT option, allowing
the different architectures to select it.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Philipp Rudo <prudo@linux.ibm.com> (s390)
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/ima.h | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h index 1659217e9b60..aefe758f4466 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -30,8 +30,7 @@ extern void ima_kexec_cmdline(const void *buf, int size); extern void ima_add_kexec_buffer(struct kimage *image); #endif -#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390) \ - || defined(CONFIG_PPC_SECURE_BOOT) +#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT extern bool arch_ima_get_secureboot(void); extern const char * const *arch_get_ima_policy(void); #else |