[PATCH v9 4/8] powerpc/ima: define trusted boot policy
Lakshmi Ramasubramanian
nramas at linux.microsoft.com
Fri Oct 25 04:40:36 AEDT 2019
On 10/23/2019 8:47 PM, Nayna Jain wrote:
> +/*
> + * The "secure_and_trusted_rules" contains rules for both the secure boot and
> + * trusted boot. The "template=ima-modsig" option includes the appended
> + * signature, when available, in the IMA measurement list.
> + */
> +static const char *const secure_and_trusted_rules[] = {
> + "measure func=KEXEC_KERNEL_CHECK template=ima-modsig",
> + "measure func=MODULE_CHECK template=ima-modsig",
> + "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig",
> +#ifndef CONFIG_MODULE_SIG_FORCE
> + "appraise func=MODULE_CHECK appraise_type=imasig|modsig",
> +#endif
> + NULL
> +};
Same comment as earlier - any way to avoid using conditional compilation
in C file?
-lakshmi
More information about the Linuxppc-dev
mailing list