    ima: add support for arch specific policies · 61917062
    Nayna Jain authored
    Builtin IMA policies can be enabled on the boot command line, and replaced
    with a custom policy, normally during early boot in the initramfs. Build
    time IMA policy rules were recently added. These rules are automatically
    enabled on boot and persist after loading a custom policy.
    
    There is a need for yet another type of policy, an architecture specific
    policy, which is derived at runtime during kernel boot, based on the
    runtime secure boot flags.  Like the build time policy rules, these rules
    persist after loading a custom policy.
    
    This patch adds support for loading an architecture specific IMA policy.
    Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
    Co-Developed-by: Mimi Zohar <zohar@linux.ibm.com>
    Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
ima_policy.c 35.8 KB