Google Git
Sign in
linux / linux / kernel / git / zohar / linux-integrity / refs/heads/next-boot-cmdline
commit4e537d26a09d975c543fbb1f493ddcb559207eda[log] [tgz]
authorMimi Zohar <zohar@linux.vnet.ibm.com>Mon Jan 11 22:58:18 2016 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>Wed Jan 13 16:57:02 2016 -0500
tree0b5a22cd169bd2fdede6355cc50dd4de578c9010
parent8e3558cf3ba560408ecddcae934070fffa891f0c [diff]
ima: measure kexec boot command line

In addition to files, other things (eg. boot command line) need to be
measured to attest to the integrity of a running system.  A new IMA
hook named ima_buffer_check() calculates and includes the buffer hash
in the measurement list.  Callers of this hook provide the buffer,
buffer length and a policy identifier.

To measure the boot command line, this patch defines a new policy
identifier named BOOT_CHECK.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
6 files changed
tree: 0b5a22cd169bd2fdede6355cc50dd4de578c9010
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS