ima: add support for measuring and appraising firmware

The "security: introduce kernel_fw_from_file hook" patch defined a
new security hook to evaluate any loaded firmware that wasn't built
into the kernel.

This patch defines ima_fw_from_file(), which is called from the new
security hook, to measure and/or appraise the loaded firmware's
integrity.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Mimi Zohar 2014-07-22 10:39:48 -04:00 committed by Kees Cook
parent 6593d9245b
commit 5a9196d715
8 changed files with 50 additions and 5 deletions


@ -19,6 +19,7 @@ extern int ima_file_check(struct file *file, int mask);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
extern int ima_module_check(struct file *file);
extern int ima_fw_from_file(struct file *file, char *buf, size_t size);
#else
static inline int ima_bprm_check(struct linux_binprm *bprm)
@ -46,6 +47,11 @@ static inline int ima_module_check(struct file *file)
return 0;
}
static inline int ima_fw_from_file(struct file *file, char *buf, size_t size)
{
return 0;
}
#endif /* CONFIG_IMA */
#ifdef CONFIG_IMA_APPRAISE
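Review bot: The firmware buffer is passed as a writable `char *buf` in both the `extern int ima_fw_from_file(...)` declaration and the `static inline` stub, although a measurement/appraisal hook only needs to hash the contents; declaring it `const char *buf` would make that read-only contract explicit and stop the hook from being able to alter the image between the check and its use by the driver, provided the `kernel_fw_from_file` LSM hook prototype (not visible here) is const as well. The new declaration also carries no comment on what the return value means for the caller; if, as the description implies, a non-zero result rejects the load, a one-liner above the extern such as `/* Measure/appraise firmware read into @buf (size bytes) from @file; a non-zero return rejects the load. */` would document the contract that every future caller of this hook depends on. The `#ifdef CONFIG_IMA_APPRAISE` block that this hunk ends on continues outside the hunk.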