linux-stable/security/integrity/ima
James Morris 5580b4a1a8 Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity
From Mimi:

In Linux 4.19, a new LSM hook named security_kernel_load_data was
upstreamed, allowing LSMs and IMA to prevent the kexec_load
syscall.  Different signature verification methods exist for verifying
the kexec'ed kernel image.  This pull request adds additional support
in IMA to prevent loading unsigned kernel images via the kexec_load
syscall, independently of the IMA policy rules, based on the runtime
"secure boot" flag.  An initial IMA kselftest is included.

In addition, this pull request defines a new, separate keyring named
".platform" for storing the preboot/firmware keys needed for verifying
the kexec'ed kernel image's signature and includes the associated IMA
kexec usage of the ".platform" keyring.

(David Howell's and Josh Boyer's patches for reading the
preboot/firmware keys, which were previously posted for a different
use case scenario, are included here.)
2018-12-17 11:26:46 -08:00
..
ima.h security/integrity: constify some read-only data 2018-10-10 12:56:15 -04:00
ima_api.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
ima_appraise.c Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity 2018-12-17 11:26:46 -08:00
ima_crypto.c ima: open a new file instance if no read permissions 2018-10-10 15:18:00 -04:00
ima_fs.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
ima_init.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
ima_kexec.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_main.c Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity 2018-12-17 11:26:46 -08:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next-integrity 2018-12-17 11:26:46 -08:00
ima_queue.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
ima_template.c security/integrity: constify some read-only data 2018-10-10 12:56:15 -04:00
ima_template_lib.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
Kconfig x86/ima: define arch_get_ima_policy() for x86 2018-12-11 07:13:41 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00