Message ID | 1569594360-7141-10-git-send-email-nayna@linux.ibm.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | powerpc: Enabling IMA arch specific secure boot policies | expand |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch next (6edfc6487b474fe01857dc3f1a9cd701bb9b21c8) |
snowpatch_ozlabs/apply_patch | fail | Failed to apply to any branch |
diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c index 77c61b142042..3f57433c0824 100644 --- a/arch/powerpc/kernel/ima_arch.c +++ b/arch/powerpc/kernel/ima_arch.c @@ -24,9 +24,9 @@ bool arch_ima_get_secureboot(void) static const char *const arch_rules[] = { "measure func=KEXEC_KERNEL_CHECK template=ima-modsig", "measure func=MODULE_CHECK template=ima-modsig", - "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig", + "appraise func=KEXEC_KERNEL_CHECK appraise_flag=check_blacklist appraise_type=imasig|modsig", #if !IS_ENABLED(CONFIG_MODULE_SIG) - "appraise func=MODULE_CHECK appraise_type=imasig|modsig", + "appraise func=MODULE_CHECK appraise_flag=check_blacklist appraise_type=imasig|modsig", #endif NULL };
This patch updates the arch specific policies for PowernV systems to add check against blacklisted hashes before doing the verification. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> --- arch/powerpc/kernel/ima_arch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)