ima: define a set of appraisal rules requiring file signatures
author    Mimi Zohar <zohar@linux.vnet.ibm.com>
          Fri, 21 Apr 2017 22:58:27 +0000 (18:58 -0400)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
          Wed, 21 Jun 2017 18:37:12 +0000 (14:37 -0400)
commit    503ceaef8e2e7dbbdb04a867acc6fe4c548ede7f
tree      8657ab63e5546d352bdc1c4ffaa420d75b701d94
parent    33ce9549cfa1e71d77bc91a2e67e65d693e2e53f
ima: define a set of appraisal rules requiring file signatures

The builtin "ima_appraise_tcb" policy should require file signatures for
at least a few of the hooks (e.g. kernel modules, firmware, and the kexec
kernel image), but changing it would break the existing userspace/kernel
ABI.

This patch defines a new builtin policy named "secure_boot", which
can be specified on the "ima_policy=" boot command line, independently
or in conjunction with the "ima_appraise_tcb" policy, by specifying
ima_policy="appraise_tcb | secure_boot".  The new appraisal rules
requiring file signatures will be added prior to the "ima_appraise_tcb"
rules.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Changelog:
- Reference secure boot in the new builtin policy name. (Thiago Bauermann)

Documentation/admin-guide/kernel-parameters.txt
security/integrity/ima/ima_policy.c
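The boot-parameter syntax and the signature requirement the commit message describes, as an added shell example that is not part of this commit or of the kernel tree. It tokenises an `ima_policy=` value on the space and `|` separators shown in the message, reports which builtin policies are selected (listing "secure_boot" ahead of "appraise_tcb", matching the rule order the message states), and writes out the custom-policy rules that would require an IMA signature for the hooks the message names. The hook identifiers `MODULE_CHECK`, `FIRMWARE_CHECK`, `KEXEC_KERNEL_CHECK` and the `appraise_type=imasig` keyword are the IMA policy ABI's own; that these three are exactly the hooks the builtin covers is an assumption taken from the commit message, and `check_signature_rules` is a hypothetical helper for auditing a loaded policy, not a kernel interface.

```shell
#!/bin/sh
# Added example (not kernel code): how ima_policy= is parsed, which builtin
# policies it selects, and the custom-policy equivalent of "secure_boot".
# Hook set is an assumption taken from the commit message (modules, firmware,
# kexec kernel image); the kernel's builtin may cover further hooks.

# Pull the ima_policy= value out of a kernel command line, accepting both the
# bare form (ima_policy=tcb) and the double-quoted form the commit message
# shows (ima_policy="appraise_tcb | secure_boot"). Returns 1 if absent.
ima_policy_value() {
    cmdline=$1
    case "$cmdline" in
        *ima_policy=*) ;;
        *) return 1 ;;
    esac
    rest=${cmdline#*ima_policy=}
    case "$rest" in
        \"*) rest=${rest#\"}; printf '%s\n' "${rest%%\"*}" ;;
        *)   printf '%s\n' "${rest%% *}" ;;
    esac
}

# Split the value on space and '|' and print the selected builtin policies in
# the order their rules take effect: "tcb" (measurement) first, then the
# appraisal builtins with "secure_boot" ahead of "appraise_tcb", as the commit
# message states. Unknown tokens are reported on stderr and skipped.
ima_policy_builtins() {
    value=$(ima_policy_value "$1") || return 1
    tcb=; appraise_tcb=; secure_boot=
    old_ifs=$IFS; IFS=' |'
    for tok in $value; do
        case "$tok" in
            tcb)          tcb=1 ;;
            appraise_tcb) appraise_tcb=1 ;;
            secure_boot)  secure_boot=1 ;;
            "")           ;;
            *) printf 'ignoring unknown builtin policy: %s\n' "$tok" >&2 ;;
        esac
    done
    IFS=$old_ifs
    out=
    [ -n "$tcb" ]          && out="tcb"
    [ -n "$secure_boot" ]  && out="${out:+$out }secure_boot"
    [ -n "$appraise_tcb" ] && out="${out:+$out }appraise_tcb"
    printf '%s\n' "$out"
}

# Custom policy rules (the syntax of /sys/kernel/security/ima/policy) that
# require a file signature for each hook; "appraise_type=imasig" is what makes
# a hash-only security.ima xattr insufficient, which is the point of the patch.
secure_boot_rules() {
    for hook in MODULE_CHECK FIRMWARE_CHECK KEXEC_KERNEL_CHECK; do
        printf 'appraise func=%s appraise_type=imasig\n' "$hook"
    done
}

# Hypothetical audit helper: given policy text (e.g. the contents of
# /sys/kernel/security/ima/policy), print any of the three hooks that lack a
# signature-requiring appraise rule and return 1; return 0 when all are covered.
check_signature_rules() {
    policy=$1; missing=
    for hook in MODULE_CHECK FIRMWARE_CHECK KEXEC_KERNEL_CHECK; do
        if ! printf '%s\n' "$policy" | grep -E '^appraise ' \
                | grep -E "(^| )func=$hook( |\$)" \
                | grep -q 'appraise_type=imasig'; then
            missing="${missing:+$missing }$hook"
        fi
    done
    [ -z "$missing" ] || { printf '%s\n' "$missing"; return 1; }
}

# Demonstration on a constructed command line, not taken from a real system.
demo_cmdline='root=/dev/sda1 ro ima_policy="appraise_tcb | secure_boot" quiet'
printf 'builtins selected: %s\n' "$(ima_policy_builtins "$demo_cmdline")"
secure_boot_rules
```

The rules printed by `secure_boot_rules` are what an administrator would put in a custom policy to get the same signature requirement on a kernel without the "secure_boot" builtin; `check_signature_rules` reads the other direction, confirming that a policy actually loaded on a machine still carries those rules after any custom policy has replaced the builtin one.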