Merge branch 'next-integrity.defer-measuring-keys' into next-integrity - BMC/Intel-BMC/linux.git - Intel OpenBMC Linux kernel source tree (mirror)

diff options

author	Mimi Zohar <zohar@linux.ibm.com>	2020-01-24 01:24:35 +0300
committer	Mimi Zohar <zohar@linux.ibm.com>	2020-01-24 01:24:35 +0300
commit	d54e17b4066612d88c4ef3e5fb3115f12733763d (patch)
tree	3290001b6ae913d289b6eedb60f59acce50d64bf /security/keys
parent	5c7bac9fb2c5929a3b8600c45a972aabf9f410b5 (diff)
parent	5b3014b95272a432b7705142f7081967fc1547f9 (diff)
download	linux-d54e17b4066612d88c4ef3e5fb3115f12733763d.tar.xz

Merge branch 'next-integrity.defer-measuring-keys' into next-integrity

From patch set cover letter: The IMA subsystem supports measuring asymmetric keys when the key is created or updated[1]. But keys created or updated before a custom IMA policy is loaded are currently not measured. This includes keys added, for instance, to either the .ima or .builtin_trusted_keys keyrings, which happens early in the boot process. Measuring the early boot keys, by design, requires loading a custom IMA policy. This change adds support for queuing keys created or updated before a custom IMA policy is loaded. The queued keys are processed when a custom policy is loaded. Keys created or updated after a custom policy is loaded are measured immediately (not queued). In the case when a custom policy is not loaded within 5 minutes of IMA initialization, the queued keys are freed. [1] https://lore.kernel.org/linux-integrity/20191211164707.4698-1-nramas@linux.microsoft.com/

Diffstat (limited to 'security/keys')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: