diff options
| author | Lakshmi Ramasubramanian <nramas@linux.microsoft.com> | 2019-12-11 17:47:04 +0100 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2019-12-12 14:53:50 +0100 |
| commit | 88e70da170e8945f6b1c1299083d1b942705beb5 (patch) | |
| tree | 9cb77512be5486c88a2a29612ec8733108850d78 /security/integrity/ima/Makefile | |
| parent | IMA: Add KEY_CHECK func to measure keys (diff) | |
| download | linux-88e70da170e8945f6b1c1299083d1b942705beb5.tar.xz linux-88e70da170e8945f6b1c1299083d1b942705beb5.zip | |
IMA: Define an IMA hook to measure keys
Measure asymmetric keys used for verifying file signatures,
certificates, etc.
This patch defines a new IMA hook namely ima_post_key_create_or_update()
to measure the payload used to create a new asymmetric key or
update an existing asymmetric key.
Asymmetric key structure is defined only when
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is defined. Since the IMA hook
measures asymmetric keys, the IMA hook is defined in a new file namely
ima_asymmetric_keys.c which is built only if
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE is defined.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/Makefile')
| -rw-r--r-- | security/integrity/ima/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile index 31d57cdf2421..207a0a9eb72c 100644 --- a/security/integrity/ima/Makefile +++ b/security/integrity/ima/Makefile @@ -12,3 +12,4 @@ ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o +obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += ima_asymmetric_keys.o |