On Wed, Feb 03, 2016 at 02:06:21PM -0500, Mimi Zohar wrote: > Replace the fw_read_file_contents with kernel_file_read_from_path(). > > Although none of the upstreamed LSMs define a kernel_fw_from_file hook, > IMA is called by the security function to prevent unsigned firmware from > being loaded and to measure/appraise signed firmware, based on policy. > > Instead of reading the firmware twice, once for measuring/appraising the > firmware and again for reading the firmware contents into memory, the > kernel_post_read_file() security hook calculates the file hash based on > the in memory file buffer. The firmware is read once. > > This patch removes the LSM kernel_fw_from_file() hook and security call. > > Changelog v3: > - remove kernel_fw_from_file hook > - use kernel_file_read_from_path() - requested by Luis > v2: > - reordered and squashed firmware patches > - fix MAX firmware size (Kees Cook) > > Signed-off-by: Mimi Zohar <zohar at linux.vnet.ibm.com> Acked-by: Luis R. Rodriguez <mcgrof at kernel.org> Luis
