author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-04-22 01:58:27 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2017-06-21 21:37:12 +0300 |
commit | 503ceaef8e2e7dbbdb04a867acc6fe4c548ede7f (patch) | |
tree | 8657ab63e5546d352bdc1c4ffaa420d75b701d94 /drivers/i2c/i2c-slave-eeprom.c | |
parent | 33ce9549cfa1e71d77bc91a2e67e65d693e2e53f (diff) | |

ima: define a set of appraisal rules requiring file signatures

The builtin "ima_appraise_tcb" policy should require file signatures for
at least a few of the hooks (e.g. kernel modules, firmware, and the kexec
kernel image), but changing it would break the existing userspace/kernel
ABI.

This patch defines a new builtin policy named "secure_boot", which
can be specified on the "ima_policy=" boot command line, independently
or in conjunction with the "ima_appraise_tcb" policy, by specifying
ima_policy="appraise_tcb | secure_boot". The new appraisal rules
requiring file signatures will be added prior to the "ima_appraise_tcb"
rules.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Changelog:
- Reference secure boot in the new builtin policy name. (Thiago Bauermann)

Diffstat (limited to 'drivers/i2c/i2c-slave-eeprom.c')
0 files changed, 0 insertions, 0 deletions
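
An added example (not part of this commit or the kernel source): a small C audit helper that reads a kernel command line and reports whether the "appraise_tcb" and "secure_boot" builtin policies named in the commit message are selected via "ima_policy=", including the quoted form with spaces. The function names, flag macros and sample command line are hypothetical, and treating repeated "ima_policy=" parameters as cumulative is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define IMA_APPRAISE_TCB 0x1u  /* "appraise_tcb" named in ima_policy= */
#define IMA_SECURE_BOOT  0x2u  /* "secure_boot" named in ima_policy=  */

static int is_sep(char c) { return c == ' ' || c == '\n'; }

/* Map one ima_policy= value, e.g. appraise_tcb | secure_boot, to flags. */
static unsigned policy_flags(const char *v, size_t len)
{
    unsigned flags = 0;
    size_t i = 0;
    while (i < len) {
        while (i < len && (is_sep(v[i]) || v[i] == '|')) i++;
        size_t start = i;
        while (i < len && !is_sep(v[i]) && v[i] != '|') i++;
        size_t n = i - start;
        if (n == 12 && !memcmp(v + start, "appraise_tcb", n)) flags |= IMA_APPRAISE_TCB;
        if (n == 11 && !memcmp(v + start, "secure_boot", n)) flags |= IMA_SECURE_BOOT;
    }
    return flags;
}

/* Scan a whole kernel command line; double quotes may enclose spaces. */
unsigned ima_builtin_policies(const char *cmdline)
{
    static const char key[] = "ima_policy=";
    const size_t klen = sizeof(key) - 1;
    unsigned flags = 0;
    const char *p = cmdline;
    while (*p) {
        while (is_sep(*p)) p++;
        const char *arg = p;
        int quoted = 0;
        for (; *p && (quoted || !is_sep(*p)); p++)
            if (*p == '"') quoted = !quoted;
        size_t len = (size_t)(p - arg);
        if (len < klen || strncmp(arg, key, klen) != 0) continue;
        const char *v = arg + klen;
        size_t vlen = len - klen;
        if (vlen && v[0] == '"') { v++; vlen--; }
        if (vlen && v[vlen - 1] == '"') vlen--;
        flags |= policy_flags(v, vlen);  /* assumption: repeated parameters accumulate */
    }
    return flags;
}

int main(void)
{
    /* Constructed sample command line, not taken from a real system. */
    const char *sample = "root=/dev/sda1 ro ima_policy=\"appraise_tcb | secure_boot\" quiet\n";
    unsigned f = ima_builtin_policies(sample);
    printf("appraise_tcb=%d secure_boot=%d\n", !!(f & IMA_APPRAISE_TCB), !!(f & IMA_SECURE_BOOT));
    return 0;
}
```

On a running system the string to pass in is the content of /proc/cmdline; a result without IMA_SECURE_BOOT means the signature-requiring builtin rules described above were not requested at boot.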