iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: add support for measuring and appraising firmware

Browse Source 
The "security: introduce kernel_fw_from_file hook" patch defined a
new security hook to evaluate any loaded firmware that wasn't built
into the kernel.

This patch defines ima_fw_from_file(), which is called from the new
security hook, to measure and/or appraise the loaded firmware's
integrity.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Mimi Zohar
2014-07-22 10:39:48 -04:00
committed by Kees Cook
parent 6593d9245b
commit 5a9196d715
8 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
security/security.c
View File

@@ -847,7 +847,12 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode)
int security_kernel_fw_from_file(struct file *file, char *buf, size_t size)
{
return security_ops->kernel_fw_from_file(file, buf, size);
int ret;
ret = security_ops->kernel_fw_from_file(file, buf, size);
if (ret)
return ret;
return ima_fw_from_file(file, buf, size);
}
EXPORT_SYMBOL_GPL(security_kernel_fw_from_file);