[PATCH v3] ima: add a new CONFIG for loading arch-specific policies

Michael Ellerman mpe at ellerman.id.au
Thu Mar 12 22:15:54 AEDT 2020


Nayna Jain <nayna at linux.ibm.com> writes:
> From: Nayna Jain <nayna at linux.vnet.ibm.com>
>
> Every time a new architecture defines the IMA architecture specific
> functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMA
> include file needs to be updated. To avoid this "noise", this patch
> defines a new IMA Kconfig IMA_SECURE_AND_OR_TRUSTED_BOOT option, allowing
> the different architectures to select it.
>
> Suggested-by: Linus Torvalds <torvalds at linux-foundation.org>
> Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
> Acked-by: Ard Biesheuvel <ardb at kernel.org>
> Cc: Ard Biesheuvel <ardb at kernel.org>
> Cc: Philipp Rudo <prudo at linux.ibm.com>
> Cc: Michael Ellerman <mpe at ellerman.id.au>
> ---
> v3:
> * Removes CONFIG_IMA dependency. Thanks Ard.
> * Updated the patch with improvements suggested by Michael. It now uses
> "imply" instead of "select". Thanks Michael.

Acked-by: Michael Ellerman <mpe at ellerman.id.au> (powerpc)

cheers


More information about the Linuxppc-dev mailing list