Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / f4dc37785e9b3373d0cb93125d5579fed2af3a43
commitf4dc37785e9b3373d0cb93125d5579fed2af3a43[log] [tgz]
authorDmitry Kasatkin <dmitry.kasatkin@huawei.com>Thu Oct 22 21:26:10 2015 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>Mon Nov 23 14:30:02 2015 -0500
treeb1bed1b8038d92770cc9881a1ad57b97e1b57dc3
parentebd68df3f24b318d391d15c458d6f43f340ba36a [diff]
integrity: define '.evm' as a builtin 'trusted' keyring

Require all keys added to the EVM keyring be signed by an
existing trusted key on the system trusted keyring.

This patch also switches IMA to use integrity_init_keyring().

Changes in v3:
* Added 'init_keyring' config based variable to skip initializing
  keyring instead of using  __integrity_init_keyring() wrapper.
* Added dependency back to CONFIG_IMA_TRUSTED_KEYRING

Changes in v2:
* Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common
  CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option
* Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config
  file compatibility. (Mimi Zohar)

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
7 files changed
tree: b1bed1b8038d92770cc9881a1ad57b97e1b57dc3
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS