renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-22 20:23:57 +08:00
Code
41c89b64d7
linux-next/security/integrity
History
Petko Manolov 41c89b64d7 IMA: create machine owner and blacklist keyrings 
This option creates IMA MOK and blacklist keyrings.  IMA MOK is an
intermediate keyring that sits between .system and .ima keyrings,
effectively forming a simple CA hierarchy.  To successfully import a key
into .ima_mok it must be signed by a key which CA is in .system keyring.
On turn any key that needs to go in .ima keyring must be signed by CA in
either .system or .ima_mok keyrings. IMA MOK is empty at kernel boot.

IMA blacklist keyring contains all revoked IMA keys.  It is consulted
before any other keyring.  If the search is successful the requested
operation is rejected and error is returned to the caller.

Signed-off-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-12-15 10:01:43 -05:00
..
evm evm: EVM_LOAD_X509 depends on EVM 2015-12-15 09:57:21 -05:00
ima IMA: create machine owner and blacklist keyrings 2015-12-15 10:01:43 -05:00
digsig_asymmetric.c IMA: create machine owner and blacklist keyrings 2015-12-15 10:01:43 -05:00
digsig.c integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
iint.c evm: load an x509 certificate from the kernel 2015-12-15 08:31:19 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h evm: load an x509 certificate from the kernel 2015-12-15 08:31:19 -05:00
Kconfig integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00