Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"Mimi Zohar says:
'Linux 5.0 introduced the platform keyring to allow verifying the IMA
kexec kernel image signature using the pre-boot keys. This pull
request similarly makes keys on the platform keyring accessible for
verifying the PE kernel image signature.
Also included in this pull request is a new IMA hook that tags tmp
files, in policy, indicating the file hash needs to be calculated.
The remaining patches are cleanup'"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
evm: Use defined constant for UUID representation
ima: define ima_post_create_tmpfile() hook and add missing call
evm: remove set but not used variable 'xattr'
encrypted-keys: fix Opt_err/Opt_error = -1
kexec, KEYS: Make use of platform keyring for signature verify
integrity, KEYS: add a reference to platform keyring
This commit is contained in:
Linus Torvalds
@@ -61,5 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
|
||||
}
|
||||
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
|
||||
|
||||
#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
|
||||
defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
|
||||
extern void __init set_platform_trusted_keys(struct key *keyring);
|
||||
#else
|
||||
static inline void set_platform_trusted_keys(struct key *keyring)
|
||||
{
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* _KEYS_SYSTEM_KEYRING_H */
|
||||
|
||||
Reference in New Issue
Block a user