linux/security/integrity
Bruno E. O. Meneguele 7c9bc0983f ima: check signature enforcement against cmdline param instead of CONFIG
When the user requests MODULE_CHECK policy and its kernel is compiled
with CONFIG_MODULE_SIG_FORCE not set, all modules would not load, just
those loaded in initram time. One option the user would have would be
set a kernel cmdline param (module.sig_enforce) to true, but the IMA
module check code doesn't rely on this value, it checks just
CONFIG_MODULE_SIG_FORCE.

This patch solves this problem checking for the exported value of
module.sig_enforce cmdline param intead of CONFIG_MODULE_SIG_FORCE,
which holds the effective value (CONFIG || param).

Signed-off-by: Bruno E. O. Meneguele <brdeoliv@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2017-11-08 15:16:36 -05:00
..
evm EVM: Only complain about a missing HMAC key once 2017-11-08 15:16:36 -05:00
ima ima: check signature enforcement against cmdline param instead of CONFIG 2017-11-08 15:16:36 -05:00
digsig_asymmetric.c integrity: Small code improvements 2017-06-21 14:37:12 -04:00
digsig.c integrity: use kernel_read_file_from_path() to read x509 certs 2017-11-08 15:16:36 -05:00
iint.c integrity: use kernel_read_file_from_path() to read x509 certs 2017-11-08 15:16:36 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h integrity: use kernel_read_file_from_path() to read x509 certs 2017-11-08 15:16:36 -05:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00