git.baikalelectronics.ru Git - kernel.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Thu, 31 Oct 2019 03:31:27 +0000 (23:31 -0400)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 01:25:49 +0000 (12:25 +1100)
commit	e70de21daa33ba5580af8feb040c6d3be23ba498
tree	ddfe3283dacee87a13c8191073b86d2b990c2a01	tree \| snapshot
parent	b464359338cfa6edda96f4d6248de2478ea6a545	commit \| diff

powerpc/ima: Add support to initialize ima policy rules

PowerNV systems use a Linux-based bootloader, which rely on the IMA
subsystem to enforce different secure boot modes. Since the
verification policy may differ based on the secure boot mode of the
system, the policies must be defined at runtime.

This patch implements arch-specific support to define IMA policy rules
based on the runtime secure boot mode of the system.

This patch provides arch-specific IMA policies if PPC_SECURE_BOOT
config is enabled.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1572492694-6520-3-git-send-email-zohar@linux.ibm.com

arch/powerpc/Kconfig		diff \| blob \| history
arch/powerpc/kernel/Makefile		diff \| blob \| history
arch/powerpc/kernel/ima_arch.c	[new file with mode: 0644]	blob
include/linux/ima.h		diff \| blob \| history