mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-03 17:14:14 +08:00
f4dc37785e
Require all keys added to the EVM keyring be signed by an existing trusted key on the system trusted keyring. This patch also switches IMA to use integrity_init_keyring(). Changes in v3: * Added 'init_keyring' config based variable to skip initializing keyring instead of using __integrity_init_keyring() wrapper. * Added dependency back to CONFIG_IMA_TRUSTED_KEYRING Changes in v2: * Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option * Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config file compatibility. (Mimi Zohar) Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
||
|---|---|---|
| .. | ||
| ima_api.c | ||
| ima_appraise.c | ||
| ima_crypto.c | ||
| ima_fs.c | ||
| ima_init.c | ||
| ima_main.c | ||
| ima_policy.c | ||
| ima_queue.c | ||
| ima_template_lib.c | ||
| ima_template_lib.h | ||
| ima_template.c | ||
| ima.h | ||
| Kconfig | ||
| Makefile | ||