summaryrefslogtreecommitdiff
path: root/Documentation/admin-guide
diff options
context:
space:
mode:
authorLakshmi Ramasubramanian <nramas@linux.microsoft.com>2021-01-08 07:07:07 +0300
committerMimi Zohar <zohar@linux.ibm.com>2021-01-15 07:41:43 +0300
commit03cee168366621db85000cec47f5cefdb83e049b (patch)
tree8354f0f679bc9e85a986b26d803bfc9da0e5b9f8 /Documentation/admin-guide
parent9f5d7d23cc5ec61a92076b73665fcb9aaa5bb5a0 (diff)
downloadlinux-03cee168366621db85000cec47f5cefdb83e049b.tar.xz
IMA: define a builtin critical data measurement policy
Define a new critical data builtin policy to allow measuring early kernel integrity critical data before a custom IMA policy is loaded. Update the documentation on kernel parameters to document the new critical data builtin policy. Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'Documentation/admin-guide')
-rw-r--r--Documentation/admin-guide/kernel-parameters.txt5
1 files changed, 4 insertions, 1 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 9e3cdb271d06..65a0c4c9ab18 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1746,7 +1746,7 @@
ima_policy= [IMA]
The builtin policies to load during IMA setup.
Format: "tcb | appraise_tcb | secure_boot |
- fail_securely"
+ fail_securely | critical_data"
The "tcb" policy measures all programs exec'd, files
mmap'd for exec, and all files opened with the read
@@ -1765,6 +1765,9 @@
filesystems with the SB_I_UNVERIFIABLE_SIGNATURE
flag.
+ The "critical_data" policy measures kernel integrity
+ critical data.
+
ima_tcb [IMA] Deprecated. Use ima_policy= instead.
Load a policy which meets the needs of the Trusted
Computing Base. This means IMA will measure all
generated by cgit v1.2.3 (git 2.39.0) at 2024-08-04 12:18:46 +0300