diff options
author | Nayna Jain <nayna@linux.ibm.com> | 2019-10-30 23:31:27 -0400 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2019-11-12 12:25:49 +1100 |
commit | 4238fad366a660cbc6499ca1ea4be42bd4d1ac5b (patch) | |
tree | ddfe3283dacee87a13c8191073b86d2b990c2a01 /arch/powerpc/kernel/Makefile | |
parent | 1a8916ee3ac29054322cdac687d36e1b5894d272 (diff) | |
download | linux-4238fad366a660cbc6499ca1ea4be42bd4d1ac5b.tar.bz2 |
powerpc/ima: Add support to initialize ima policy rules
PowerNV systems use a Linux-based bootloader, which rely on the IMA
subsystem to enforce different secure boot modes. Since the
verification policy may differ based on the secure boot mode of the
system, the policies must be defined at runtime.
This patch implements arch-specific support to define IMA policy rules
based on the runtime secure boot mode of the system.
This patch provides arch-specific IMA policies if PPC_SECURE_BOOT
config is enabled.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1572492694-6520-3-git-send-email-zohar@linux.ibm.com
Diffstat (limited to 'arch/powerpc/kernel/Makefile')
-rw-r--r-- | arch/powerpc/kernel/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index e2a54fa240ac..e8eb2955b7d5 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -161,7 +161,7 @@ ifneq ($(CONFIG_PPC_POWERNV)$(CONFIG_PPC_SVM),) obj-y += ucall.o endif -obj-$(CONFIG_PPC_SECURE_BOOT) += secure_boot.o +obj-$(CONFIG_PPC_SECURE_BOOT) += secure_boot.o ima_arch.o # Disable GCOV, KCOV & sanitizers in odd or sensitive code GCOV_PROFILE_prom_init.o := n |