]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit - init/main.c
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fd5f4e9) | patch
integrity: provide a hook to load keys when rootfs is ready
authorDmitry Kasatkin <d.kasatkin@samsung.com>
Wed, 5 Nov 2014 15:01:15 +0000 (17:01 +0200)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 18 Nov 2014 04:12:01 +0000 (23:12 -0500)
commitc9cd2ce2bc6313aafa33f8e28d29a8690252f219
tree6918661e956daa2bb688ea70103df3cc8859e246tree
parentfd5f4e9054acbf4f22fac81a358baf3c27aa42accommit | diff
integrity: provide a hook to load keys when rootfs is ready

Keys can only be loaded once the rootfs is mounted. Initcalls
are not suitable for that. This patch defines a special hook
to load the x509 public keys onto the IMA keyring, before
attempting to access any file. The keys are required for
verifying the file's signature. The hook is called after the
root filesystem is mounted and before the kernel calls 'init'.

Changes in v3:
* added more explanation to the patch description (Mimi)

Changes in v2:
* Hook renamed as 'integrity_load_keys()' to handle both IMA and EVM
  keys by integrity subsystem.
* Hook patch moved after defining loading functions

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
include/linux/integrity.h diff | blob | blame | history
init/main.c diff | blob | blame | history
security/integrity/iint.c diff | blob | blame | history
Ubuntu Artful kernel mirror