From 394c61416c19bcc3231d3f717b72ef9d90b89ee7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sat, 14 Sep 2024 14:27:53 +0200 Subject: core: load IPE policy on boot IPE is a new LSM being introduced in 6.12. Like IMA, it works based on a policy file that has to be loaded at boot, the earlier the better. So like IMA, if such a policy is present, load it and activate it. If there are any .p7b files in /etc/ipe/, load them as policies. The files have to be inline signed in DER format as per IPE documentation. For more information on the details of IPE: https://microsoft.github.io/ipe/
---
 meson_options.txt | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meson_options.txt')
diff --git a/meson_options.txt b/meson_options.txt
index 46e3ac55f7..ec3688ab33 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -388,6 +388,8 @@ option('polkit', type : 'feature', deprecated : { 'true' : 'enabled', 'false' :
 description : 'polkit support')
 option('ima', type : 'boolean',
 description : 'IMA support')
+option('ipe', type : 'boolean',
+ description : 'IPE support')
 option('acl', type : 'feature', deprecated : { 'true' : 'enabled', 'false' : 'disabled' },
 description : 'libacl support')
-- cgit v1.2.3
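Review bot: The new `ipe` option is declared as a plain `boolean` with no `value`, and Meson booleans default to true, so any build that does not pass `-Dipe=false` compiles in the boot-time policy loading the commit message describes. That mirrors the `ima` entry directly above, but for a switch that activates an LSM policy from `/etc/ipe/` the default deserves to be visible in the declaration, e.g. `option('ipe', type : 'boolean', value : true,`. The description `'IPE support'` does not say what is being enabled; something like `description : 'load signed IPE policies from /etc/ipe at boot'` would tell packagers what they are turning on. The loader itself is not shown (the page is limited to meson_options.txt), so how a policy that fails to load or verify is handled cannot be judged from this hunk.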