Re: [PATCH v9 4/8] powerpc/ima: define trusted boot policy

From: Lakshmi Ramasubramanian
Date: Thu Oct 24 2019 - 13:40:21 EST


On 10/23/2019 8:47 PM, Nayna Jain wrote:

+/*
+ * The "secure_and_trusted_rules" contains rules for both the secure boot and
+ * trusted boot. The "template=ima-modsig" option includes the appended
+ * signature, when available, in the IMA measurement list.
+ */
+static const char *const secure_and_trusted_rules[] = {
+ "measure func=KEXEC_KERNEL_CHECK template=ima-modsig",
+ "measure func=MODULE_CHECK template=ima-modsig",
+ "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig",
+#ifndef CONFIG_MODULE_SIG_FORCE
+ "appraise func=MODULE_CHECK appraise_type=imasig|modsig",
+#endif
+ NULL
+};
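
Review bot: The comment above secure_and_trusted_rules does not cover the #ifndef CONFIG_MODULE_SIG_FORCE around the "appraise func=MODULE_CHECK appraise_type=imasig|modsig" entry. With that option set, the array still measures modules but no longer appraises them, and nothing in this hunk says what is expected to enforce module signatures in that configuration. Extend the comment with one sentence stating why the appraise rule is omitted when CONFIG_MODULE_SIG_FORCE is enabled, so the asymmetry with the KEXEC_KERNEL_CHECK pair is clearly intentional.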

Same comment as earlier - any way to avoid using conditional compilation in C file?

-lakshmi