Re: [PATCH v7 7/8] IMA: define a builtin critical data measurement policy

From: Tushar Sugandhi
Date: Thu Dec 10 2020 - 20:32:27 EST




On 2020-12-10 3:22 p.m., Tyler Hicks wrote:
On 2020-12-09 11:42:11, Tushar Sugandhi wrote:
From: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>

Define a new critical data builtin policy to allow measuring
early kernel integrity critical data before a custom IMA policy
is loaded.

Add critical data to built-in IMA rules if the kernel command line
contains "ima_policy=critical_data".

Update the documentation on kernel parameters to document
the new critical data builtin policy.

Signed-off-by: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>

Reviewed-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxxx>

Tyler

Thanks for the review.

~Tushar