asedeno.scripts.mit.edu Git - linux.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Tue, 9 Oct 2018 17:30:36 +0000 (23:00 +0530)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 11 Dec 2018 12:13:40 +0000 (07:13 -0500)
commit	6191706246de99ff2fac4b6f157f20205a0943cd
tree	28eb00237285957066fc1c0b2299e279038c1395	tree \| snapshot
parent	c52657d93b0530449233979514a08cf9fe5c24bc	commit \| diff

ima: add support for arch specific policies

Builtin IMA policies can be enabled on the boot command line, and replaced
with a custom policy, normally during early boot in the initramfs. Build
time IMA policy rules were recently added. These rules are automatically
enabled on boot and persist after loading a custom policy.

There is a need for yet another type of policy, an architecture specific
policy, which is derived at runtime during kernel boot, based on the
runtime secure boot flags. Like the build time policy rules, these rules
persist after loading a custom policy.

This patch adds support for loading an architecture specific IMA policy.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Co-Developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

include/linux/ima.h		diff \| blob \| history
security/integrity/ima/ima_policy.c		diff \| blob \| history