[GIT PULL] integrity subsystem updates for v5.13
From: Mimi Zohar
Date: Wed Apr 28 2021 - 09:47:07 EST
Hi Linus,
In addition to loading the kernel module signing key onto the builtin
keyring, load it onto the IMA keyring as well. In addition are six
trivial changes and bug fixes.
thanks,
Mimi
The following changes since commit 92063f3ca73aab794bd5408d3361fd5b5ea33079:
integrity: double check iint_cache was initialized (2021-03-22 14:54:11 -0400)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v5.13
for you to fetch changes up to 781a5739489949fd0f32432a9da17f7ddbccf1cc:
ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies (2021-04-26 21:54:23 -0400)
----------------------------------------------------------------
integrity-v5.13
----------------------------------------------------------------
Gustavo A. R. Silva (1):
ima: Fix fall-through warnings for Clang
Jiele Zhao (2):
ima: Fix function name error in comment.
integrity: Add declarations to init_once void arguments.
Li Huafei (1):
ima: Fix the error code for restoring the PCR value
Mimi Zohar (2):
ima: without an IMA policy loaded, return quickly
Merge branch 'ima-module-signing-v4' into next-integrity
Nayna Jain (4):
keys: cleanup build time module signing keys
ima: enable signing of modules with build time generated key
ima: enable loading of build time generated key on .ima keyring
ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies
Makefile | 6 ++---
certs/Kconfig | 2 +-
certs/Makefile | 10 +++++++
certs/system_certificates.S | 14 +++++++++-
certs/system_keyring.c | 50 ++++++++++++++++++++++++++++-------
include/keys/system_keyring.h | 7 +++++
init/Kconfig | 6 ++---
security/integrity/digsig.c | 2 ++
security/integrity/iint.c | 2 +-
security/integrity/ima/ima_main.c | 9 ++++++-
security/integrity/ima/ima_policy.c | 2 ++
security/integrity/ima/ima_template.c | 4 +--
12 files changed, 92 insertions(+), 22 deletions(-)