Re: [PATCH] x86/ima: require signed kernel modules

From: Nayna
Date: Tue Feb 05 2019 - 11:11:03 EST

Next message: Bartosz Golaszewski: "Re: [PATCH 00/35] ARM: davinci: modernize the irq support"
Previous message: Stacy: "Need to retouch your photos?"
In reply to: Mimi Zohar: "Re: [PATCH] x86/ima: require signed kernel modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/31/2019 02:18 PM, Mimi Zohar wrote:

Require signed kernel modules on systems with secure boot mode enabled.

To coordinate between appended kernel module signatures and IMA
signatures, only define an IMA MODULE_CHECK policy rule if
CONFIG_MODULE_SIG is not enabled.

This patch defines a function named set_module_sig_required() and renames
is_module_sig_enforced() to is_module_sig_enforced_or_required(). The
call to set_module_sig_required() is dependent on CONFIG_IMA_ARCH_POLICY
being enabled.

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---

Reviewed-by: Nayna Jain <nayna@xxxxxxxxxxxxx>

Thanks & Regards,
ÂÂÂÂ - Nayna

Next message: Bartosz Golaszewski: "Re: [PATCH 00/35] ARM: davinci: modernize the irq support"
Previous message: Stacy: "Need to retouch your photos?"
In reply to: Mimi Zohar: "Re: [PATCH] x86/ima: require signed kernel modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]