diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-07-22 18:39:48 +0400 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2014-07-25 22:47:46 +0400 |
commit | 5a9196d715607f76d6b7d96a0970d6065335e62b (patch) | |
tree | df323588d1026b947e489c5fb9c83299dbcb9689 /security/security.c | |
parent | 6593d9245bc66e6e3cf4ba6d365a7833110c1402 (diff) | |
download | linux-5a9196d715607f76d6b7d96a0970d6065335e62b.tar.xz |
ima: add support for measuring and appraising firmware
The "security: introduce kernel_fw_from_file hook" patch defined a
new security hook to evaluate any loaded firmware that wasn't built
into the kernel.
This patch defines ima_fw_from_file(), which is called from the new
security hook, to measure and/or appraise the loaded firmware's
integrity.
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c index 35d37d0f0d49..e41b1a8d7644 100644 --- a/security/security.c +++ b/security/security.c @@ -847,7 +847,12 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode) int security_kernel_fw_from_file(struct file *file, char *buf, size_t size) { - return security_ops->kernel_fw_from_file(file, buf, size); + int ret; + + ret = security_ops->kernel_fw_from_file(file, buf, size); + if (ret) + return ret; + return ima_fw_from_file(file, buf, size); } EXPORT_SYMBOL_GPL(security_kernel_fw_from_file); |