core: load IPE policy on boot

IPE is a new LSM being introduced in 6.12. Like IMA, it works based on a policy file that has to be loaded at boot, the earlier the better. So like IMA, if such a policy is present, load it and activate it. If there are any .p7b files in /etc/ipe/, load them as policies. The files have to be inline signed in DER format as per IPE documentation. For more information on the details of IPE: https://microsoft.github.io/ipe/
author: Luca Boccassi <bluca@debian.org> 2024-09-14 14:27:53 +0200
committer: Lennart Poettering <lennart@poettering.net> 2024-10-02 18:29:43 +0200
commit: 394c61416c19bcc3231d3f717b72ef9d90b89ee7 (patch)
tree: 7576ce2a659f818c11773f34e153b64459c6062a /meson.build
parent: Merge pull request #34447 from DaanDeMeyer/homectl-firstboot-groups (diff)
download: systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.tar.xz
systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/meson.build b/meson.build
index 724c48adc8..e258a65a1a 100644
--- a/meson.build
+++ b/meson.build
@@ -1661,6 +1661,7 @@ foreach term : ['analyze',
                 'hwdb',
                 'idn',
                 'ima',
+                'ipe',
                 'initrd',
                 'kernel-install',
                 'ldconfig',
author	Luca Boccassi <bluca@debian.org>	2024-09-14 14:27:53 +0200
committer	Lennart Poettering <lennart@poettering.net>	2024-10-02 18:29:43 +0200
commit	394c61416c19bcc3231d3f717b72ef9d90b89ee7 (patch)
tree	7576ce2a659f818c11773f34e153b64459c6062a /meson.build
parent	Merge pull request #34447 from DaanDeMeyer/homectl-firstboot-groups (diff)
download	systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.tar.xz systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.zip