bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
9cdca336677b4d15579ec462e33c8a330ab3a9de
linux/security/integrity/ima/ima_efi.c
Thomas Weißschuh 658d5c72fc ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIG 
When configuration settings are disabled the guarded functions are
defined as empty stubs, so the check is unnecessary.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Aaron Tomlin <atomlin@atomlin.com>
Reviewed-by: Nicolas Schier <nsc@kernel.org>
[zohar@linux.ibm.com: fixed merge conflict with commit 63e8a44395a4]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2026-03-08 08:26:08 -04:00

34 lines
929 B
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0+ */
/*
* Copyright (C) 2018 IBM Corporation
*/
#include <linux/module.h>
#include <linux/ima.h>
#include <linux/secure_boot.h>
/* secureboot arch rules */
static const char * const sb_arch_rules[] = {
#if !IS_ENABLED(CONFIG_KEXEC_SIG)
"appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig",
#endif /* CONFIG_KEXEC_SIG */
"measure func=KEXEC_KERNEL_CHECK",
#if !IS_ENABLED(CONFIG_MODULE_SIG)
"appraise func=MODULE_CHECK appraise_type=imasig",
#endif
#if IS_ENABLED(CONFIG_INTEGRITY_MACHINE_KEYRING) && IS_ENABLED(CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY)
"appraise func=POLICY_CHECK appraise_type=imasig",
#endif
"measure func=MODULE_CHECK",
NULL
};
const char * const *arch_get_ima_policy(void)
{
if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_get_secureboot()) {
set_module_sig_enforced();
set_kexec_sig_enforced();
return sb_arch_rules;
}
return NULL;
}
Reference in New Issue View Git Blame Copy Permalink