Re: [RFC PATCH v10 9/9] powerpc/ima: indicate kernel modules appended signatures are enforced

[Michael Ellerman]

On Thu, 2019-10-31 at 03:31:34 UTC, Mimi Zohar wrote:
> The arch specific kernel module policy rule requires kernel modules to
> be signed, either as an IMA signature, stored as an xattr, or as an
> appended signature.  As a result, kernel modules appended signatures
> could be enforced without "sig_enforce" being set or reflected in
> /sys/module/module/parameters/sig_enforce.  This patch sets
> "sig_enforce".
> 
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> Cc: Jessica Yu <jeyu@xxxxxxxxxx>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/d72ea4915c7e6fa5e7b9022a34df66e375bfe46c

cheers