documentation: add IPE documentation

Add IPE's admin and developer documentation to the kernel tree. Co-developed-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

documentation: add IPE documentation
Add IPE's admin and developer documentation to the kernel tree. Co-developed-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
ac673187 · Deven Bowers · Paul Moore · 10ca05a7 · ac673187 · ac673187
Commit ac673187 authored Aug 02, 2024 by Deven Bowers Committed by Paul Moore Aug 20, 2024
6 changed files
--- a/Documentation/admin-guide/LSM/index.rst
+++ b/Documentation/admin-guide/LSM/index.rst
@@ -47,3 +47,4 @@ subdirectories.
   tomoyo
   Yama
   SafeSetID
+   ipe
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2350,6 +2350,18 @@
 	ipcmni_extend	[KNL,EARLY] Extend the maximum number of unique System V
 			IPC identifiers from 32,768 to 16,777,216.

+	ipe.enforce=	[IPE]
+			Format: <bool>
+			Determine whether IPE starts in permissive (0) or
+			enforce (1) mode. The default is enforce.
+
+	ipe.success_audit=
+			[IPE]
+			Format: <bool>
+			Start IPE with success auditing enabled, emitting
+			an audit event when a binary is allowed. The default
+			is 0.
+
 	irqaffinity=	[SMP] Set the default irq affinity mask
 			The argument is a cpu list, as described above.


--- a/Documentation/filesystems/fsverity.rst
+++ b/Documentation/filesystems/fsverity.rst
@@ -92,7 +92,9 @@ authenticating fs-verity file hashes include:
  "IPE policy" specifically allows for the authorization of fs-verity
  files using properties ``fsverity_digest`` for identifying
  files by their verity digest, and ``fsverity_signature`` to authorize
-  files with a verified fs-verity's built-in signature.
+  files with a verified fs-verity's built-in signature. For
+  details on configuring IPE policies and understanding its operational
+  modes, please refer to :doc:`IPE admin guide </admin-guide/LSM/ipe>`.

 - Trusted userspace code in combination with `Built-in signature
  verification`_.  This approach should be used only with great care.
@@ -508,6 +510,8 @@ be carefully considered before using them:
  files with a verified fs-verity builtin signature to perform certain
  operations, such as execution. Note that IPE doesn't require
  fs.verity.require_signatures=1.
+  Please refer to :doc:`IPE admin guide </admin-guide/LSM/ipe>` for
+  more details.

 - A file's builtin signature can only be set at the same time that
  fs-verity is being enabled on the file.  Changing or deleting the

--- a/Documentation/security/index.rst
+++ b/Documentation/security/index.rst
@@ -19,3 +19,4 @@ Security Documentation
   digsig
   landlock
   secrets/index
+   ipe
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst