leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c9cd2ce2bc
linux/security/integrity
History
Dmitry Kasatkin c9cd2ce2bc integrity: provide a hook to load keys when rootfs is ready 
Keys can only be loaded once the rootfs is mounted. Initcalls
are not suitable for that. This patch defines a special hook
to load the x509 public keys onto the IMA keyring, before
attempting to access any file. The keys are required for
verifying the file's signature. The hook is called after the
root filesystem is mounted and before the kernel calls 'init'.

Changes in v3:
* added more explanation to the patch description (Mimi)

Changes in v2:
* Hook renamed as 'integrity_load_keys()' to handle both IMA and EVM
  keys by integrity subsystem.
* Hook patch moved after defining loading functions

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-11-17 23:12:01 -05:00
..
evm evm: skip replacing EVM signature with HMAC on read-only filesystem 2014-10-07 14:32:53 -04:00
ima ima: load x509 certificate from the kernel 2014-11-17 23:12:00 -05:00
digsig_asymmetric.c integrity: do zero padding of the key id 2014-10-06 17:33:27 +01:00
digsig.c integrity: provide a function to load x509 certificate from the kernel 2014-11-17 23:11:59 -05:00
iint.c integrity: provide a hook to load keys when rootfs is ready 2014-11-17 23:12:01 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h ima: load x509 certificate from the kernel 2014-11-17 23:12:00 -05:00
Kconfig integrity: base integrity subsystem kconfig options on integrity 2014-09-09 10:28:56 -04:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00