[PATCH v2 1/9] ima: based on policy verify firmware signatures (pre-allocated buffer)
Mimi Zohar
zohar at linux.vnet.ibm.com
Thu May 17 14:48:42 UTC 2018
Don't differentiate between kernel_read_file_id READING_FIRMWARE and
READING_FIRMWARE_PREALLOC_BUFFER enumerations.
Fixes: a098ecd firmware: support loading into a pre-allocated buffer (since 4.8)
Signed-off-by: Mimi Zohar <zohar at linux.vnet.ibm.com>
Cc: Luis R. Rodriguez <mcgrof at suse.com>
Cc: David Howells <dhowells at redhat.com>
Cc: Kees Cook <keescook at chromium.org>
Cc: Serge E. Hallyn <serge at hallyn.com>
Cc: Stephen Boyd <stephen.boyd at linaro.org>
---
security/integrity/ima/ima_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index e771b736aa03..83f84928ad76 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -447,6 +447,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
static int read_idmap[READING_MAX_ID] = {
[READING_FIRMWARE] = FIRMWARE_CHECK,
+ [READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK,
[READING_MODULE] = MODULE_CHECK,
[READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK,
[READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK,
--
2.7.5
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list