On Thu, 14 Feb 2019, Mimi Zohar wrote: > Hi James, > > Linux 5.0 introduced the platform keyring to allow verifying the IMA > kexec kernel image signature using the pre-boot keys. This pull > request similarly makes keys on the platform keyring accessible for > verifying the PE kernel image signature.* > > Also included in this pull request is a new IMA hook that tags tmp > files, in policy, indicating the file hash needs to be calculated. > The remaining patches are cleanup. > > *Upstream commit "993a110319a4 (x86/kexec: Fix a kexec_file_load() > failure)" is required for testing. > Thanks! Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-integrity and next-testing. -- James Morris <jmorris@xxxxxxxxx>
