Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-04 Thread Michael Ellerman
James Bottomley writes: > On Wed, 2020-03-04 at 07:35 -0500, Mimi Zohar wrote: >> On Tue, 2020-03-03 at 23:43 -0800, James Bottomley wrote: >> > On Tue, 2020-03-03 at 21:33 -0500, Nayna Jain wrote: >> > > diff --git a/security/integrity/ima/Kconfig >> > > b/security/integrity/ima/Kconfig >> > > in

Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-04 Thread James Bottomley
On Wed, 2020-03-04 at 07:35 -0500, Mimi Zohar wrote: > On Tue, 2020-03-03 at 23:43 -0800, James Bottomley wrote: > > On Tue, 2020-03-03 at 21:33 -0500, Nayna Jain wrote: > > > diff --git a/security/integrity/ima/Kconfig > > > b/security/integrity/ima/Kconfig > > > index 3f3ee4e2eb0d..d17972aa413a 1

Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-04 Thread Philipp Rudo
On Wed, 04 Mar 2020 07:55:38 -0500 Mimi Zohar wrote: > [Cc'ing Thomas Gleixner and x86 mailing list] > > On Wed, 2020-03-04 at 08:14 +0100, Ard Biesheuvel wrote: > > On Wed, 4 Mar 2020 at 03:34, Nayna Jain wrote: > > > > > > Every time a new architecture defines the IMA architecture specific

Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-04 Thread Mimi Zohar
[Cc'ing Thomas Gleixner and x86 mailing list] On Wed, 2020-03-04 at 08:14 +0100, Ard Biesheuvel wrote: > On Wed, 4 Mar 2020 at 03:34, Nayna Jain wrote: > > > > Every time a new architecture defines the IMA architecture specific > > functions - arch_ima_get_secureboot() and arch_ima_get_policy(),

Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-04 Thread James Bottomley
On Tue, 2020-03-03 at 21:33 -0500, Nayna Jain wrote: > Every time a new architecture defines the IMA architecture specific > functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the > IMA > include file needs to be updated. To avoid this "noise", this patch > defines a new IMA Kconfig I

Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-04 Thread Mimi Zohar
On Tue, 2020-03-03 at 23:43 -0800, James Bottomley wrote: > On Tue, 2020-03-03 at 21:33 -0500, Nayna Jain wrote: > > diff --git a/security/integrity/ima/Kconfig > > b/security/integrity/ima/Kconfig > > index 3f3ee4e2eb0d..d17972aa413a 100644 > > --- a/security/integrity/ima/Kconfig > > +++ b/secur

Re: [PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-03 Thread Ard Biesheuvel
On Wed, 4 Mar 2020 at 03:34, Nayna Jain wrote: > > Every time a new architecture defines the IMA architecture specific > functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMA > include file needs to be updated. To avoid this "noise", this patch > defines a new IMA Kconfig IMA_SE

[PATCH v2] ima: add a new CONFIG for loading arch-specific policies

2020-03-03 Thread Nayna Jain
Every time a new architecture defines the IMA architecture specific functions - arch_ima_get_secureboot() and arch_ima_get_policy(), the IMA include file needs to be updated. To avoid this "noise", this patch defines a new IMA Kconfig IMA_SECURE_AND_OR_TRUSTED_BOOT option, allowing the different ar