Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / c57782c13ecd7e7aca66cbf0139ad2a72317dc81
commitc57782c13ecd7e7aca66cbf0139ad2a72317dc81[log] [tgz]
authorDmitry Kasatkin <d.kasatkin@samsung.com>Wed Nov 05 17:01:16 2014 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>Mon Nov 17 23:12:01 2014 -0500
tree4addf9930efefacc0394ffca22b56cb4e9083fe4
parentc9cd2ce2bc6313aafa33f8e28d29a8690252f219 [diff]
ima: require signature based appraisal

This patch provides CONFIG_IMA_APPRAISE_SIGNED_INIT kernel configuration
option to force IMA appraisal using signatures. This is useful, when EVM
key is not initialized yet and we want securely initialize integrity or
any other functionality.

It forces embedded policy to require signature. Signed initialization
script can initialize EVM key, update the IMA policy and change further
requirement of everything to be signed.

Changes in v3:
* kernel parameter fixed to configuration option in the patch description

Changes in v2:
* policy change of this patch separated from the key loading patch

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2 files changed
tree: 4addf9930efefacc0394ffca22b56cb4e9083fe4
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS