Google Git
Sign in
android / platform / external / linux-kselftest / d7cecb676dd3
commitd7cecb676dd364b28a5a8f5e4a30ce2e9cfdfcc3[log] [tgz]
authorNayna Jain <nayna@linux.ibm.com>Sun Dec 09 01:57:05 2018 +0530
committerMimi Zohar <zohar@linux.ibm.com>Wed Dec 12 22:09:33 2018 -0500
tree8119e0996f551cbb0a7e6c2568f5986d40f1effc
parent386b49f51dc24d1f9139eb11f49aa075eeb35363 [diff]
ima: Support platform keyring for kernel appraisal

On secure boot enabled systems, the bootloader verifies the kernel
image and possibly the initramfs signatures based on a set of keys. A
soft reboot(kexec) of the system, with the same kernel image and
initramfs, requires access to the original keys to verify the
signatures.

This patch allows IMA-appraisal access to those original keys, now
loaded on the platform keyring, needed for verifying the kernel image
and initramfs signatures.

[zohar@linux.ibm.com: only use platform keyring if it's enabled (Thiago)]
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
1 file changed
tree: 8119e0996f551cbb0a7e6c2568f5986d40f1effc
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README