ima: add support for measuring and appraising firmware
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 22 Jul 2014 14:39:48 +0000 (10:39 -0400)
committerKees Cook <keescook@chromium.org>
Fri, 25 Jul 2014 18:47:46 +0000 (11:47 -0700)
commit5a9196d715607f76d6b7d96a0970d6065335e62b
treedf323588d1026b947e489c5fb9c83299dbcb9689
parent6593d9245bc66e6e3cf4ba6d365a7833110c1402
ima: add support for measuring and appraising firmware

The "security: introduce kernel_fw_from_file hook" patch defined a
new security hook to evaluate any loaded firmware that wasn't built
into the kernel.

This patch defines ima_fw_from_file(), which is called from the new
security hook, to measure and/or appraise the loaded firmware's
integrity.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Documentation/ABI/testing/ima_policy
include/linux/ima.h
security/integrity/ima/ima.h
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_policy.c
security/integrity/integrity.h
security/security.c