On Tue, 2019-11-05 at 23:02:07 UTC, Eric Richter wrote: > From: Nayna Jain <nayna@xxxxxxxxxxxxx> > > While secure boot permits only properly verified signed kernels to be > booted, trusted boot calculates the file hash of the kernel image and > stores the measurement prior to boot, that can be subsequently compared > against good known values via attestation services. > > This patch reads the trusted boot state of a PowerNV system. The state > is used to conditionally enable additional measurement rules in the IMA > arch-specific policies. > > Signed-off-by: Nayna Jain <nayna@xxxxxxxxxxxxx> > Signed-off-by: Eric Richter <erichte@xxxxxxxxxxxxx> Applied to powerpc next, thanks. https://git.kernel.org/powerpc/c/2702809a4a1ab414d75c00936cda70ea77c8234e cheers
