leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fa4f3f56cc
linux/arch/powerpc
History
Nayna Jain fa4f3f56cc powerpc/ima: Fix secure boot rules in ima arch policy 
To prevent verifying the kernel module appended signature
twice (finit_module), once by the module_sig_check() and again by IMA,
powerpc secure boot rules define an IMA architecture specific policy
rule only if CONFIG_MODULE_SIG_FORCE is not enabled. This,
unfortunately, does not take into account the ability of enabling
"sig_enforce" on the boot command line (module.sig_enforce=1).

Including the IMA module appraise rule results in failing the
finit_module syscall, unless the module signing public key is loaded
onto the IMA keyring.

This patch fixes secure boot policy rules to be based on
CONFIG_MODULE_SIG instead.

Fixes: 4238fad366 ("powerpc/ima: Add support to initialize ima policy rules")
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Link: https://lore.kernel.org/r/1588342612-14532-1-git-send-email-nayna@linux.ibm.com
2020-05-07 17:25:54 +10:00
..
boot powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
configs powerpc updates for 5.7 #2 2020-04-09 11:01:42 -07:00
crypto crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN 2020-01-09 11:30:53 +08:00
include powerpc/64s: Fix unrecoverable SLB crashes due to preemption check 2020-05-04 09:18:06 +10:00
kernel powerpc/ima: Fix secure boot rules in ima arch policy 2020-05-07 17:25:54 +10:00
kexec powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
kvm virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
lib powerpc/64/sstep: Ifdef the deprecated fast endian switch syscall 2020-04-01 13:42:13 +11:00
math-emu treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
mm powerpc/8xx: Fix STRICT_KERNEL_RWX startup test failure 2020-04-22 20:23:41 +10:00
net treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
oprofile powerpc updates for 5.6 2020-02-04 13:06:46 +00:00
perf powerpc updates for 5.7 #2 2020-04-09 11:01:42 -07:00
platforms powerpc/mm: Fix CONFIG_PPC_KUAP_DEBUG on PPC32 2020-04-22 20:24:02 +10:00
purgatory .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
sysdev powerpc/xive: Add a debugfs file to dump internal XIVE state 2020-03-27 00:20:38 +11:00
tools powerpc: Do not consider weak unresolved symbol relocations as bad 2020-01-31 20:17:22 +11:00
xmon powerpc: Make setjmp/longjmp signature standard 2020-04-01 14:30:51 +11:00
Kbuild powerpc/kexec: Move kexec files into a dedicated subdir. 2019-11-21 15:41:34 +11:00
Kconfig powerpc updates for 5.7 #2 2020-04-09 11:01:42 -07:00
Kconfig.debug powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX 2020-01-23 21:31:13 +11:00
Makefile powerpc: Suppress .eh_frame generation 2020-04-01 14:30:51 +11:00
Makefile.postlink powerpc: Do not consider weak unresolved symbol relocations as bad 2020-01-31 20:17:22 +11:00