ima: load x509 certificate from the kernel
[firefly-linux-kernel-4.4.55.git] / security / integrity / ima / ima_init.c
index 9164fc8cac84adb53d79b867d7547fcaaf35aa70..5e4c29d174eee3b9281e83c4c9f0e2dac5b390a1 100644 (file)
 #include <crypto/hash_info.h>
 #include "ima.h"
 
+#ifdef CONFIG_IMA_X509_PATH
+#define IMA_X509_PATH  CONFIG_IMA_X509_PATH
+#else
+#define IMA_X509_PATH  "/etc/keys/x509_ima.der"
+#endif
+
 /* name for boot aggregate entry */
 static const char *boot_aggregate_name = "boot_aggregate";
 int ima_used_chip;
@@ -91,6 +97,17 @@ err_out:
        return result;
 }
 
+#ifdef CONFIG_IMA_LOAD_X509
+void __init ima_load_x509(void)
+{
+       int unset_flags = ima_policy_flag & IMA_APPRAISE;
+
+       ima_policy_flag &= ~unset_flags;
+       integrity_load_x509(INTEGRITY_KEYRING_IMA, IMA_X509_PATH);
+       ima_policy_flag |= unset_flags;
+}
+#endif
+
 int __init ima_init(void)
 {
        u8 pcr_i[TPM_DIGEST_SIZE];
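Review bot: ima_load_x509() clears IMA_APPRAISE around the integrity_load_x509() call with no comment explaining why, and that is the security-relevant step in this hunk. While the bit is off, the file at IMA_X509_PATH is read without appraisal, so trust in the loaded certificate rests on whatever protects that path, and on any signature check done when the key is added to the keyring, which is not visible here. I would add a comment above the function along the lines of `/* Appraisal is switched off while the certificate is read: the key needed to appraise it is not on the IMA keyring yet. The saved bit is restored afterwards. */`. The result of integrity_load_x509() is also discarded. If it returns a status and does not log failures itself (its definition is outside this hunk), a missing or rejected certificate would only show up later as appraisal denials. A check such as `if (rc) pr_warn("IMA: loading %s failed (%d)\n", IMA_X509_PATH, rc);` would make that visible at boot.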