1
linux/security/integrity
Dmitry Kasatkin fd5f4e9054 ima: load x509 certificate from the kernel
Define configuration option to load X509 certificate into the
IMA trusted kernel keyring. It implements ima_load_x509() hook
to load X509 certificate into the .ima trusted kernel keyring
from the root filesystem.

Changes in v3:
* use ima_policy_flag in ima_get_action()
  ima_load_x509 temporarily clears ima_policy_flag to disable
  appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
* Expand IMA_LOAD_X509 Kconfig help

Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-11-17 23:12:00 -05:00
..
evm evm: skip replacing EVM signature with HMAC on read-only filesystem 2014-10-07 14:32:53 -04:00
ima ima: load x509 certificate from the kernel 2014-11-17 23:12:00 -05:00
digsig_asymmetric.c integrity: do zero padding of the key id 2014-10-06 17:33:27 +01:00
digsig.c integrity: provide a function to load x509 certificate from the kernel 2014-11-17 23:11:59 -05:00
iint.c integrity: define a new function integrity_read_file() 2014-11-17 23:09:18 -05:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
integrity.h ima: load x509 certificate from the kernel 2014-11-17 23:12:00 -05:00
Kconfig integrity: base integrity subsystem kconfig options on integrity 2014-09-09 10:28:56 -04:00
Makefile integrity: make integrity files as 'integrity' module 2014-09-09 10:28:58 -04:00