forked from Minki/linux
f4dc37785e
Require all keys added to the EVM keyring be signed by an existing trusted key on the system trusted keyring. This patch also switches IMA to use integrity_init_keyring(). Changes in v3: * Added 'init_keyring' config based variable to skip initializing keyring instead of using __integrity_init_keyring() wrapper. * Added dependency back to CONFIG_IMA_TRUSTED_KEYRING Changes in v2: * Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option * Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config file compatibility. (Mimi Zohar) Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
---|---|---|
.. | ||
ima_api.c | ||
ima_appraise.c | ||
ima_crypto.c | ||
ima_fs.c | ||
ima_init.c | ||
ima_main.c | ||
ima_policy.c | ||
ima_queue.c | ||
ima_template_lib.c | ||
ima_template_lib.h | ||
ima_template.c | ||
ima.h | ||
Kconfig | ||
Makefile |