core: load IPE policy on boot

IPE is a new LSM being introduced in 6.12. Like IMA, it works based on a policy file that has to be loaded at boot, the earlier the better. So like IMA, if such a policy is present, load it and activate it. If there are any .p7b files in /etc/ipe/, load them as policies. The files have to be inline signed in DER format as per IPE documentation. For more information on the details of IPE: https://microsoft.github.io/ipe/
author: Luca Boccassi <bluca@debian.org> 2024-09-14 14:27:53 +0200
committer: Lennart Poettering <lennart@poettering.net> 2024-10-02 18:29:43 +0200
commit: 394c61416c19bcc3231d3f717b72ef9d90b89ee7 (patch)
tree: 7576ce2a659f818c11773f34e153b64459c6062a /meson_options.txt
parent: Merge pull request #34447 from DaanDeMeyer/homectl-firstboot-groups (diff)
download: systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.tar.xz
systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/meson_options.txt b/meson_options.txt
index 46e3ac55f7..ec3688ab33 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -388,6 +388,8 @@ option('polkit', type : 'feature', deprecated : { 'true' : 'enabled', 'false' :
        description : 'polkit support')
 option('ima', type : 'boolean',
        description : 'IMA support')
+option('ipe', type : 'boolean',
+       description : 'IPE support')
 
 option('acl', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
        description : 'libacl support')
author	Luca Boccassi <bluca@debian.org>	2024-09-14 14:27:53 +0200
committer	Lennart Poettering <lennart@poettering.net>	2024-10-02 18:29:43 +0200
commit	394c61416c19bcc3231d3f717b72ef9d90b89ee7 (patch)
tree	7576ce2a659f818c11773f34e153b64459c6062a /meson_options.txt
parent	Merge pull request #34447 from DaanDeMeyer/homectl-firstboot-groups (diff)
download	systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.tar.xz systemd-394c61416c19bcc3231d3f717b72ef9d90b89ee7.zip