linux-next/security/integrity
Coiby Xu 56dc986a6b ima: require signed IMA policy when UEFI secure boot is enabled
With commit 099f26f22f ("integrity: machine keyring CA
configuration"), users are able to add custom IMA CA keys via
MOK. This allows users to sign their own IMA policies without
recompiling the kernel. For the sake of security, mandate signed IMA
policy when UEFI secure boot is enabled.

Note this change may affect existing users/tests, i.e. users won't be able
to load an unsigned IMA policy when the IMA architecture specific policy
is configured and UEFI secure boot is enabled.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2023-08-01 08:18:11 -04:00
..
evm evm: Fix build warnings 2023-06-06 08:51:11 -04:00
ima ima: require signed IMA policy when UEFI secure boot is enabled 2023-08-01 08:18:11 -04:00
platform_certs security/integrity: fix pointer to ESL data and its size on pseries 2023-06-21 14:08:53 +10:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
digsig.c integrity: machine keyring CA configuration 2023-04-24 16:15:53 +03:00
iint.c integrity: Fix possible multiple allocation in integrity_inode_get() 2023-06-01 07:25:04 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
integrity.h ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
Kconfig integrity: machine keyring CA configuration 2023-04-24 16:15:53 +03:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00