This patch set defines a generic method for measuring/appraising files read by the kernel. The IMA policy language is extended to support measuring/appraising a kexec'ed image (KEXEC_CHECK) and initramfs (INITRAMFS_CHECK). The last patch replaces the existing IMA firmware hook with a generic hook.
Mimi

Dmitry Kasatkin (1):
  ima: separate 'security.ima' reading functionality from collect

Mimi Zohar (4):
  ima: measure and appraise kexec image
  ima: ignore the kexec cache status
  ima: measure/appraise the initramfs being kexec'ed
  ima: read firmware only once

 Documentation/ABI/testing/ima_policy      |  2 +-
 drivers/base/firmware_class.c             |  7 ++-
 include/linux/ima.h                       | 18 +++++++-
 kernel/kexec_file.c                       | 17 ++++---
 security/integrity/ima/ima.h              | 23 +++++-----
 security/integrity/ima/ima_api.c          | 51 +++++++++++++++------
 security/integrity/ima/ima_appraise.c     | 37 ++++++++++------
 security/integrity/ima/ima_crypto.c       | 44 +++++++++++++-----
 security/integrity/ima/ima_init.c         |  2 +-
 security/integrity/ima/ima_main.c         | 74 +++++++++++++++++++++++++------
 security/integrity/ima/ima_policy.c       | 23 +++++++---
 security/integrity/ima/ima_template.c     |  2 -
 security/integrity/ima/ima_template_lib.c |  3 +-
 security/integrity/integrity.h            | 10 ++---
 security/security.c                       |  6 +--
 15 files changed, 227 insertions(+), 92 deletions(-)

--
2.1.0
