mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 11:18:45 +07:00
9044d627fd
Introduce the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig With this rule, IMA will accept either a signature stored in the extended attribute or an appended signature. For now, the rule above will behave exactly the same as if appraise_type=imasig was specified. The actual modsig implementation will be introduced separately. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
15 lines
488 B
Makefile
15 lines
488 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for building Trusted Computing Group's(TCG) runtime Integrity
|
|
# Measurement Architecture(IMA).
|
|
#
|
|
|
|
obj-$(CONFIG_IMA) += ima.o
|
|
|
|
ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
|
|
ima_policy.o ima_template.o ima_template_lib.o
|
|
ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o
|
|
ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o
|
|
ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o
|
|
obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
|