Re: [PATCH v10 2/9] powerpc/ima: add support to initialize ima policy rules

From: Michael Ellerman
Date: Thu Nov 14 2019 - 04:08:10 EST

Next message: Michael Ellerman: "Re: [PATCH v10 4/9] powerpc/ima: define trusted boot policy"
Previous message: Michael Ellerman: "Re: [RESEND][PATCH] powerpc/pseries: Use correct event modifier in rtas_parse_epow_errlog()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2019-10-31 at 03:31:27 UTC, Mimi Zohar wrote:
> From: Nayna Jain <nayna@xxxxxxxxxxxxx>
>
> PowerNV systems use a Linux-based bootloader, which rely on the IMA
> subsystem to enforce different secure boot modes. Since the verification
> policy may differ based on the secure boot mode of the system, the
> policies must be defined at runtime.
>
> This patch implements arch-specific support to define IMA policy
> rules based on the runtime secure boot mode of the system.
>
> This patch provides arch-specific IMA policies if PPC_SECURE_BOOT
> config is enabled.
>
> Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/4238fad366a660cbc6499ca1ea4be42bd4d1ac5b

cheers

Next message: Michael Ellerman: "Re: [PATCH v10 4/9] powerpc/ima: define trusted boot policy"
Previous message: Michael Ellerman: "Re: [RESEND][PATCH] powerpc/pseries: Use correct event modifier in rtas_parse_epow_errlog()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]