diff options
| author | Prakhar Srivastava <prsriva02@gmail.com> | 2019-06-23 23:23:29 -0700 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2019-06-24 08:29:57 -0400 |
| commit | b0935123a18360d19f1dcc779ea33841cdc304cc (patch) | |
| tree | f7f069f94312da4302ad6b1b793d4f6c90eb5bc0 /security/integrity/ima/ima.h | |
| parent | 19453ce0bcfbdf7332a104eebf5d835977af7284 (diff) | |
IMA: Define a new hook to measure the kexec boot command line arguments
Currently during soft reboot(kexec_file_load) boot command line
arguments are not measured. Define hooks needed to measure kexec
command line arguments during soft reboot(kexec_file_load).
- A new ima hook ima_kexec_cmdline is defined to be called by the
kexec code.
- A new function process_buffer_measurement is defined to measure
the buffer hash into the IMA measurement list.
- A new func policy KEXEC_CMDLINE is defined to control the
measurement.
Signed-off-by: Prakhar Srivastava <prsriva02@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima.h')
| -rw-r--r-- | security/integrity/ima/ima.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index e7b9ea7732d9..bdca641f9e51 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -190,6 +190,7 @@ static inline unsigned long ima_hash_key(u8 *digest) hook(KEXEC_KERNEL_CHECK) \ hook(KEXEC_INITRAMFS_CHECK) \ hook(POLICY_CHECK) \ + hook(KEXEC_CMDLINE) \ hook(MAX_CHECK) #define __ima_hook_enumify(ENUM) ENUM, |