Message-ID: <CAGXu5jL8_nbUKKNO-PCyGwOdQ+vjPZ7_17FKNH1fssgtfjk=Rw@mail.gmail.com>
Date: Sat, 14 Jul 2018 19:28:28 -0700
From: Kees Cook <keescook@...omium.org>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: linux-integrity <linux-integrity@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
"Luis R . Rodriguez" <mcgrof@...nel.org>,
Eric Biederman <ebiederm@...ssion.com>,
Kexec Mailing List <kexec@...ts.infradead.org>,
Andres Rodriguez <andresx7@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH v6 6/8] ima: add build time policy

On Fri, Jul 13, 2018 at 11:06 AM, Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> IMA by default does not measure, appraise or audit files, but can be
> enabled at runtime by specifying a builtin policy on the boot command line
> or by loading a custom policy.
>
> This patch defines a build time policy, which verifies kernel modules,
> firmware, kexec image, and/or the IMA policy signatures. This build time
> policy is automatically enabled at runtime and persists after loading a
> custom policy.
>
> Signed-off-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>

Reviewed-by: Kees Cook <keescook@...omium.org>

-Kees
--
Kees Cook
Pixel Security