Re: [PATCH v5 4/4] IMA: Handle early boot data measurement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 7/29/20 8:47 PM, Lakshmi Ramasubramanian wrote:

Hi Tyler,


diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 080c53545ff0..86cba844f73c 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -322,10 +322,9 @@ config IMA_MEASURE_ASYMMETRIC_KEYS
  	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
  	default y
-config IMA_QUEUE_EARLY_BOOT_KEYS 
+config IMA_QUEUE_EARLY_BOOT_DATA
  	bool
-	depends on IMA_MEASURE_ASYMMETRIC_KEYS
-	depends on SYSTEM_TRUSTED_KEYRING
+	depends on SECURITY || (IMA_MEASURE_ASYMMETRIC_KEYS && SYSTEM_TRUSTED_KEYRING)
  	default y
Similar to the change you'd suggested for validating LSM_STATE and LSM_POLICY func, I think IMA_QUEUE_EARLY_BOOT_DATA config should be enabled for SECURITY_SELINUX. 

depends on SECURITY_SELINUX ||
           (IMA_MEASURE_ASYMMETRIC_KEYS && SYSTEM_TRUSTED_KEYRING)

And, when more security modules are added update this CONFIG as appropriate.

Does that sound okay?

 -lakshmi
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux