linux_dsm_epyc7002/security
Dmitry Kasatkin c57782c13e ima: require signature based appraisal
This patch provides the CONFIG_IMA_APPRAISE_SIGNED_INIT kernel configuration
option to force IMA appraisal using signatures. This is useful when the EVM
key is not initialized yet and we want to securely initialize integrity or
any other functionality.

It forces the embedded policy to require a signature. A signed initialization
script can initialize the EVM key, update the IMA policy and change the further
requirement of everything to be signed.

Changes in v3:
* kernel parameter fixed to configuration option in the patch description

Changes in v2:
* policy change of this patch separated from the key loading patch

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-11-17 23:12:01 -05:00
apparmor sched: move no_new_privs into new atomic flags 2014-07-18 12:13:38 -07:00
integrity ima: require signature based appraisal 2014-11-17 23:12:01 -05:00
keys KEYS: Make the key matching functions return bool 2014-09-16 17:36:08 +01:00
selinux selinux: normalize audit log formatting 2014-09-22 17:02:10 -04:00
smack Make Smack operate on smack_known struct where it still used char* 2014-08-29 10:10:55 -07:00
tomoyo get rid of pointless checks for NULL ->i_op 2014-04-01 23:19:16 -04:00
yama
capability.c security: introduce kernel_fw_from_file hook 2014-07-25 11:47:45 -07:00
commoncap.c CAPABILITIES: remove undefined caps from all processes 2014-07-24 21:53:47 +10:00
device_cgroup.c device_cgroup: use css_has_online_children() instead of has_children() 2014-05-16 13:22:52 -04:00
inode.c
Kconfig
lsm_audit.c audit: anchor all pid references in the initial pid namespace 2014-03-20 10:11:55 -04:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00
min_addr.c
security.c ima: add support for measuring and appraising firmware 2014-07-25 11:47:46 -07:00