mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-23 15:49:17 +07:00
503ceaef8e
The builtin "ima_appraise_tcb" policy should require file signatures for at least a few of the hooks (eg. kernel modules, firmware, and the kexec kernel image), but changing it would break the existing userspace/kernel ABI. This patch defines a new builtin policy named "secure_boot", which can be specified on the "ima_policy=" boot command line, independently or in conjunction with the "ima_appraise_tcb" policy, by specifing ima_policy="appraise_tcb | secure_boot". The new appraisal rules requiring file signatures will be added prior to the "ima_appraise_tcb" rules. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Changelog: - Reference secure boot in the new builtin policy name. (Thiago Bauermann) |
||
---|---|---|
.. | ||
ima_api.c | ||
ima_appraise.c | ||
ima_crypto.c | ||
ima_fs.c | ||
ima_init.c | ||
ima_kexec.c | ||
ima_main.c | ||
ima_mok.c | ||
ima_policy.c | ||
ima_queue.c | ||
ima_template_lib.c | ||
ima_template_lib.h | ||
ima_template.c | ||
ima.h | ||
Kconfig | ||
Makefile |