This patch set defines a generic method for measuring/appraising
files read by the kernel.  The IMA policy language is extended to
support measuring/appraising a kexec'ed image (KEXEC_CHECK) and 
initramfs (INITRAMFS_CHECK).  The last patch replaces the existing
IMA firmware hook with a generic hook.

Mimi

Dmitry Kasatkin (1):
  ima: separate 'security.ima' reading functionality from collect

Mimi Zohar (4):
  ima: measure and appraise kexec image
  ima: ignore the kexec cache status
  ima: measure/appraise the initramfs being kexec'ed
  ima: read firmware only once

 Documentation/ABI/testing/ima_policy      |  2 +-
 drivers/base/firmware_class.c             |  7 ++-
 include/linux/ima.h                       | 18 +++++++-
 kernel/kexec_file.c                       | 17 ++++---
 security/integrity/ima/ima.h              | 23 +++++-----
 security/integrity/ima/ima_api.c          | 51 +++++++++++++++------
 security/integrity/ima/ima_appraise.c     | 37 ++++++++++------
 security/integrity/ima/ima_crypto.c       | 44 +++++++++++++-----
 security/integrity/ima/ima_init.c         |  2 +-
 security/integrity/ima/ima_main.c         | 74 +++++++++++++++++++++++++------
 security/integrity/ima/ima_policy.c       | 23 +++++++---
 security/integrity/ima/ima_template.c     |  2 -
 security/integrity/ima/ima_template_lib.c |  3 +-
 security/integrity/integrity.h            | 10 ++---
 security/security.c                       |  6 +--
 15 files changed, 227 insertions(+), 92 deletions(-)

-- 
2.1.0
