From 9f81a2eda488fef4c4e33a3965ae1759eb7db280 Mon Sep 17 00:00:00 2001
From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Date: Wed, 22 Jan 2020 17:32:04 -0800
Subject: IMA: Define workqueue for early boot key measurements

Measuring keys requires a custom IMA policy to be loaded.  Keys created
or updated before a custom IMA policy is loaded should be queued and
will be processed after a custom policy is loaded.

This patch defines a workqueue for queuing keys when a custom IMA policy
has not yet been loaded.  An intermediate Kconfig boolean option namely
IMA_QUEUE_EARLY_BOOT_KEYS is used to declare the workqueue functions.

A flag namely ima_process_keys is used to check if the key should be
queued or should be processed immediately.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/ima/Makefile | 1 +
 1 file changed, 1 insertion(+)

(limited to 'security/integrity/ima/Makefile')

diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile
index 3e9d0ad68c7b..064a256f8725 100644
--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -13,3 +13,4 @@ ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o
 ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o
 obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o
 obj-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o
+obj-$(CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS) += ima_queue_keys.o
-- 
cgit v1.2.3-59-g8ed1b