On 01/31/2019 02:18 PM, Mimi Zohar wrote:
Require signed kernel modules on systems with secure boot mode enabled. To coordinate between appended kernel module signatures and IMA signatures, only define an IMA MODULE_CHECK policy rule if CONFIG_MODULE_SIG is not enabled. This patch defines a function named set_module_sig_required() and renames is_module_sig_enforced() to is_module_sig_enforced_or_required(). The call to set_module_sig_required() is dependent on CONFIG_IMA_ARCH_POLICY being enabled. Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> ---
Reviewed-by: Nayna Jain <nayna@xxxxxxxxxxxxx> Thanks & Regards, - Nayna