2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-28 07:04:00 +08:00
linux-next/security/integrity/evm
Dmitry Kasatkin f4dc37785e integrity: define '.evm' as a builtin 'trusted' keyring
Require all keys added to the EVM keyring be signed by an
existing trusted key on the system trusted keyring.

This patch also switches IMA to use integrity_init_keyring().

Changes in v3:
* Added 'init_keyring' config based variable to skip initializing
  keyring instead of using  __integrity_init_keyring() wrapper.
* Added dependency back to CONFIG_IMA_TRUSTED_KEYRING

Changes in v2:
* Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common
  CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option
* Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config
  file compatibility. (Mimi Zohar)

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2015-11-23 14:30:02 -05:00
..
evm_crypto.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
evm_main.c integrity: define '.evm' as a builtin 'trusted' keyring 2015-11-23 14:30:02 -05:00
evm_posix_acl.c ima: fix script messages 2013-10-25 13:17:19 -04:00
evm_secfs.c security: integrity: Use a more current logging style 2014-03-07 12:15:21 -05:00
evm.h evm: replace HMAC version with attribute mask 2014-06-12 17:58:06 -04:00
Kconfig kconfig: use bool instead of boolean for type definition attributes 2015-01-07 13:08:04 +01:00
Makefile evm: posix acls modify i_mode 2011-09-14 15:24:51 -04:00