superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/security
History
Mimi Zohar 503ceaef8e ima: define a set of appraisal rules requiring file signatures 
The builtin "ima_appraise_tcb" policy should require file signatures for
at least a few of the hooks (eg. kernel modules, firmware, and the kexec
kernel image), but changing it would break the existing userspace/kernel
ABI.

This patch defines a new builtin policy named "secure_boot", which
can be specified on the "ima_policy=" boot command line, independently
or in conjunction with the "ima_appraise_tcb" policy, by specifing
ima_policy="appraise_tcb | secure_boot".  The new appraisal rules
requiring file signatures will be added prior to the "ima_appraise_tcb"
rules.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Changelog:
- Reference secure boot in the new builtin policy name. (Thiago Bauermann)
 		2017-06-21 14:37:12 -04:00
..
apparmor apparmor: export that basic profile namespaces are supported 2017-06-10 17:11:48 -07:00
integrity ima: define a set of appraisal rules requiring file signatures 2017-06-21 14:37:12 -04:00
keys treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-05-09 09:12:53 -07:00
smack Smack: Use cap_capable in privilege check 2017-06-01 09:27:21 -07:00
tomoyo Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
yama security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
Kconfig Sync to mainline for security submaintainers to work against 2017-05-22 16:32:40 +10:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
commoncap.c security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
lsm_audit.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-10-04 14:48:27 -07:00
min_addr.c
security.c Sync to mainline for security submaintainers to work against 2017-05-22 16:32:40 +10:00