diff options
| author |   Nayna Jain <nayna@linux.ibm.com> | 2018-12-09 01:57:05 +0530 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.ibm.com> | 2018-12-12 22:09:33 -0500 |
| commit | d7cecb676dd364b28a5a8f5e4a30ce2e9cfdfcc3 (patch) | |
| tree | 8119e0996f551cbb0a7e6c2568f5986d40f1effc /tools/perf/scripts/python/export-to-sqlite.py | |
| parent | efi: Allow the "db" UEFI variable to be suppressed (diff) | |
| download | wireguard-linux-d7cecb676dd364b28a5a8f5e4a30ce2e9cfdfcc3.tar.xz wireguard-linux-d7cecb676dd364b28a5a8f5e4a30ce2e9cfdfcc3.zip | |
ima: Support platform keyring for kernel appraisal
On secure boot enabled systems, the bootloader verifies the kernel
image and possibly the initramfs signatures based on a set of keys. A
soft reboot(kexec) of the system, with the same kernel image and
initramfs, requires access to the original keys to verify the
signatures.
This patch allows IMA-appraisal access to those original keys, now
loaded on the platform keyring, needed for verifying the kernel image
and initramfs signatures.
[zohar@linux.ibm.com: only use platform keyring if it's enabled (Thiago)]
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions