git.baikalelectronics.ru Git - kernel.git/commit

author	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Fri, 13 Jul 2018 18:06:01 +0000 (14:06 -0400)
committer	James Morris <james.morris@microsoft.com>
	Mon, 16 Jul 2018 19:31:57 +0000 (12:31 -0700)
commit	79bb7e578b075e3e57a658eb7dbfa50e7ef4f5bf
tree	9a9f6481aae7a957d72fdbaf3e89d3c88847203f	tree \| snapshot
parent	c87a1e8b3ae7da47388895962d9867bd1af74905	commit \| diff

ima: add build time policy

IMA by default does not measure, appraise or audit files, but can be
enabled at runtime by specifying a builtin policy on the boot command line
or by loading a custom policy.

This patch defines a build time policy, which verifies kernel modules,
firmware, kexec image, and/or the IMA policy signatures. This build time
policy is automatically enabled at runtime and persists after loading a
custom policy.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>

security/integrity/ima/Kconfig		diff \| blob \| history
security/integrity/ima/ima_policy.c		diff \| blob \| history