lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 May 2020 22:43:44 +1000 (AEST) From: Michael Ellerman <patch-notifications@...erman.id.au> To: Nayna Jain <nayna@...ux.ibm.com>, linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org Cc: Mimi Zohar <zohar@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] powerpc/ima: fix secure boot rules in ima arch policy On Fri, 1 May 2020 10:16:52 -0400, Nayna Jain wrote: > To prevent verifying the kernel module appended signature twice > (finit_module), once by the module_sig_check() and again by IMA, powerpc > secure boot rules define an IMA architecture specific policy rule > only if CONFIG_MODULE_SIG_FORCE is not enabled. This, unfortunately, does > not take into account the ability of enabling "sig_enforce" on the boot > command line (module.sig_enforce=1). > > [...] Applied to powerpc/fixes. [1/1] powerpc/ima: Fix secure boot rules in ima arch policy https://git.kernel.org/powerpc/c/fa4f3f56ccd28ac031ab275e673ed4098855fed4 cheers
Powered by blists - more mailing lists