linux/security/integrity
Dmitry Kasatkin c57782c13e ima: require signature based appraisal
This patch provides the CONFIG_IMA_APPRAISE_SIGNED_INIT kernel configuration
option to force IMA appraisal using signatures. This is useful when the EVM
key is not initialized yet and we want to securely initialize integrity or
any other functionality.

It forces the embedded policy to require a signature. A signed initialization
script can initialize the EVM key, update the IMA policy and change the further
requirement of everything to be signed.

Changes in v3:
* kernel parameter fixed to configuration option in the patch description

Changes in v2:
* policy change of this patch separated from the key loading patch

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-11-17 23:12:01 -05:00
evm evm: skip replacing EVM signature with HMAC on read-only filesystem 2014-10-07 14:32:53 -04:00
ima ima: require signature based appraisal 2014-11-17 23:12:01 -05:00
digsig_asymmetric.c integrity: do zero padding of the key id 2014-10-06 17:33:27 +01:00
digsig.c integrity: provide a function to load x509 certificate from the kernel 2014-11-17 23:11:59 -05:00
iint.c integrity: provide a hook to load keys when rootfs is ready 2014-11-17 23:12:01 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h ima: load x509 certificate from the kernel 2014-11-17 23:12:00 -05:00
Kconfig integrity: base integrity subsystem kconfig options on integrity 2014-09-09 10:28:56 -04:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00