linux/security/integrity
Nayna Jain 6191706246 ima: add support for arch specific policies
Builtin IMA policies can be enabled on the boot command line, and replaced
with a custom policy, normally during early boot in the initramfs. Build
time IMA policy rules were recently added. These rules are automatically
enabled on boot and persist after loading a custom policy.

There is a need for yet another type of policy, an architecture specific
policy, which is derived at runtime during kernel boot, based on the
runtime secure boot flags.  Like the build time policy rules, these rules
persist after loading a custom policy.

This patch adds support for loading an architecture specific IMA policy.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Co-Developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:13:40 -05:00
..
evm security/integrity: constify some read-only data 2018-10-10 12:56:15 -04:00
ima ima: add support for arch specific policies 2018-12-11 07:13:40 -05:00
digsig_asymmetric.c integrity: support new struct public_key_signature encoding field 2018-11-13 07:37:42 -05:00
digsig.c security/integrity: remove unnecessary 'init_keyring' variable 2018-10-10 12:56:15 -04:00
iint.c LSM: Record LSM name in struct lsm_info 2018-10-10 20:40:22 -07:00
integrity_audit.c ima: Use audit_log_format() rather than audit_log_string() 2018-07-18 07:27:22 -04:00
integrity.h ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set 2018-07-18 07:27:22 -04:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00