iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/arch/powerpc/kernel
History
Nayna Jain fa4f3f56cc powerpc/ima: Fix secure boot rules in ima arch policy 
To prevent verifying the kernel module appended signature
twice (finit_module), once by the module_sig_check() and again by IMA,
powerpc secure boot rules define an IMA architecture specific policy
rule only if CONFIG_MODULE_SIG_FORCE is not enabled. This,
unfortunately, does not take into account the ability of enabling
"sig_enforce" on the boot command line (module.sig_enforce=1).

Including the IMA module appraise rule results in failing the
finit_module syscall, unless the module signing public key is loaded
onto the IMA keyring.

This patch fixes secure boot policy rules to be based on
CONFIG_MODULE_SIG instead.

Fixes: 4238fad366a6 ("powerpc/ima: Add support to initialize ima policy rules")
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Link: https://lore.kernel.org/r/1588342612-14532-1-git-send-email-nayna@linux.ibm.com
2020-05-07 17:25:54 +10:00
..
ptrace
powerpc/64: make buildable without CONFIG_COMPAT
2020-04-03 00:10:00 +11:00
syscalls
asm-generic: fix unistd_32.h generation format
2020-04-07 10:43:42 -07:00
trace
powerpc/ftrace: Enable HAVE_FUNCTION_GRAPH_RET_ADDR_PTR
2019-09-18 12:24:55 +10:00
vdso32
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
vdso64
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
align.c
powerpc/spe: Mark expected switch fall-throughs
2019-07-31 00:19:34 +10:00
asm-offsets.c
powerpc/32s: Fix DSI and ISI exceptions for CONFIG_VMAP_STACK
2020-02-18 21:31:11 +11:00
audit.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
btext.c
powerpc: Prefer __section and __printf from compiler_attributes.h
2020-03-27 00:16:32 +11:00
cacheinfo.c
powerpc updates for 5.3
2019-07-13 16:08:36 -07:00
cacheinfo.h
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
2019-06-15 16:52:06 +10:00
compat_audit.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
cpu_setup_6xx.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
cpu_setup_44x.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
cpu_setup_fsl_booke.S
powerpc/booke: Spelling s/date/data/
2019-11-17 01:56:31 -06:00
cpu_setup_pa6t.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
cpu_setup_power.S
powerpc/64s: Set reserved PCR bits
2019-09-21 08:36:53 +10:00
cpu_setup_ppc970.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
cputable.c
powerpc/cputable: Remove unnecessary copy of cpu_spec->oprofile_type
2020-04-01 14:30:51 +11:00
crash_dump.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230
2019-06-19 17:09:06 +02:00
dawr.c
powerpc/watchpoint: Fix length calculation for unaligned target
2019-11-13 16:58:03 +11:00
dbell.c
KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag
2019-09-24 12:46:26 +10:00
dma-iommu.c
powerpc updates for 5.4
2019-09-20 11:48:06 -07:00
dma-mask.c
dma-mapping, powerpc: simplify the arch dma_set_mask override
2019-02-18 22:41:03 +11:00
dma-swiotlb.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
dt_cpu_ftrs.c
powerpc/64: Setup a paca before parsing device tree etc.
2020-03-25 12:09:37 +11:00
early_32.c
powerpc/fsl_booke/32: implement KASLR infrastructure
2019-11-13 19:27:40 +11:00
eeh_cache.c
powerpc/eeh_cache: Don't use pci_dn when inserting new ranges
2020-01-23 21:31:18 +11:00
eeh_dev.c
powerpc/eeh: Add bdfn field to eeh_dev
2019-08-22 23:12:46 +10:00
eeh_driver.c
powerpc/eeh: Fix deadlock handling dead PHB
2020-02-17 12:47:05 +11:00
eeh_event.c
powerpc/eeh: Fix build with STACKTRACE=n
2019-09-14 00:01:14 +10:00
eeh_pe.c
powerpc/eeh: Clean up EEH PEs after recovery finishes
2019-09-05 14:22:37 +10:00
eeh_sysfs.c
powerpc/eeh_sysfs: Make clearing EEH_DEV_SYSFS saner
2020-01-23 21:31:19 +11:00
eeh.c
powerpc/eeh: Rework eeh_ops->probe()
2020-03-25 12:09:39 +11:00
entry_32.S
powerpc/mm: Fix CONFIG_PPC_KUAP_DEBUG on PPC32
2020-04-22 20:24:02 +10:00
entry_64.S
powerpc/64s/kuap: Restore AMR in fast_interrupt_return
2020-05-07 11:00:41 +10:00
epapr_hcalls.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
epapr_paravirt.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 266
2019-06-05 17:30:28 +02:00
exceptions-64e.S
powerpc/64s: Implement interrupt exit logic in C
2020-04-01 13:42:14 +11:00
exceptions-64s.S
powerpc/64s/kuap: Restore AMR in system reset exception
2020-05-04 15:21:28 +10:00
fadump.c
powerpc/kernel: no need to check return value of debugfs_create functions
2020-03-04 22:44:25 +11:00
firmware.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
fpu.S
powerpc/32s: Enable CONFIG_VMAP_STACK
2020-01-27 22:37:24 +11:00
fsl_booke_entry_mapping.S
powerpc/fsl_booke/32: implement KASLR infrastructure
2019-11-13 19:27:40 +11:00
head_8xx.S
powerpc/8xx: Fix clearing of bits 20-23 in ITLB miss
2020-02-17 12:47:06 +11:00
head_32.h
Merge branch 'fixes' into next
2020-03-10 15:16:42 +11:00
head_32.S
powerpc/32s: reorder Linux PTE bits to better match Hash PTE bits.
2020-03-25 12:09:27 +11:00
head_40x.S
powerpc/32: save DEAR/DAR before calling handle_page_fault
2020-01-26 22:15:09 +11:00
head_44x.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
head_64.S
powerpc/64s: Fix section mismatch warnings from boot code
2020-03-25 12:07:59 +11:00
head_booke.h
powerpc/32: Warn and return ENOSYS on syscalls from kernel
2020-02-19 22:46:08 +11:00
head_fsl_booke.S
powerpc/32: save DEAR/DAR before calling handle_page_fault
2020-01-26 22:15:09 +11:00
hw_breakpoint.c
powerpc/ptrace: move ptrace_triggered() into hw_breakpoint.c
2020-04-01 14:30:49 +11:00
idle_6xx.S
powerpc/6xx: Fix power_save_ppc32_restore() with CONFIG_VMAP_STACK
2020-02-18 21:31:12 +11:00
idle_book3e.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
idle_book3s.S
powerpc/64s: Reimplement power4_idle code in C
2020-01-16 14:59:37 +10:00
idle_e500.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
idle.c
powerpc/64s: Reimplement power4_idle code in C
2020-01-16 14:59:37 +10:00
ima_arch.c
powerpc/ima: Fix secure boot rules in ima arch policy
2020-05-07 17:25:54 +10:00
io-workarounds.c
powerpc/mm: rework io-workaround invocation.
2019-08-27 13:03:34 +10:00
io.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
iomap.c
powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}
2018-04-05 14:59:26 +10:00
iommu.c
Merge branch 'topic/ppc-kvm' into next
2019-08-30 09:52:57 +10:00
irq.c
powerpc/64s: Fix doorbell wakeup msgclr optimisation
2020-04-03 00:09:53 +11:00
isa-bridge.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
jump_label.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
kgdb.c
powerpc: Activate CONFIG_THREAD_INFO_IN_TASK
2019-02-23 22:31:40 +11:00
kprobes-ftrace.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
kprobes.c
powerpc/kprobes: Ignore traps that happened in real mode
2020-03-25 12:09:51 +11:00
kvm_emul.S
powerpc/kvm: Add ifdefs around template code
2019-09-14 00:04:40 +10:00
kvm.c
powerpc/kvm: Explicitly mark kvm guest code as __init
2019-09-14 00:04:40 +10:00
l2cr_6xx.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61
2019-05-24 17:36:45 +02:00
legacy_serial.c
tty/serial: Migrate 8250_fsl to use has_sysrq
2019-12-18 15:04:42 +01:00
Makefile
powerpc/64: make buildable without CONFIG_COMPAT
2020-04-03 00:10:00 +11:00
mce_power.c
powerpc/pseries: Handle UE event for memcpy_mcsafe
2020-03-27 14:59:35 +11:00
mce.c
powerpc/pseries: Handle UE event for memcpy_mcsafe
2020-03-27 14:59:35 +11:00
misc_32.S
powerpc/32: Split kexec low level code out of misc_32.S
2019-11-21 15:41:34 +11:00
misc_64.S
Merge branch 'topic/kaslr-book3e32' into next
2019-11-14 19:23:33 +11:00
misc.S
powerpc: Rename current_stack_pointer() to current_stack_frame()
2020-03-04 22:44:28 +11:00
module_32.c
powerpc updates for 5.3
2019-07-13 16:08:36 -07:00
module_64.c
powerpc updates for 5.3
2019-07-13 16:08:36 -07:00
module.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
module.lds
powerpc/modules: Fix alignment of .toc section in kernel modules
2017-12-11 13:03:35 +11:00
msi.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
note.S
powerpc: Add PowerPC Capabilities ELF note
2019-08-30 09:40:15 +10:00
nvram_64.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
of_platform.c
powerpc/eeh: Make early EEH init pseries specific
2020-03-25 12:09:39 +11:00
optprobes_head.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
optprobes.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
paca.c
powerpc/64: Prevent stack protection in early boot
2020-03-25 12:09:38 +11:00
pci_32.c
powerpc/64: Adjust order in pcibios_init()
2019-08-22 23:11:48 +10:00
pci_64.c
powerpc/64: Adjust order in pcibios_init()
2019-08-22 23:11:48 +10:00
pci_dn.c
powerpc/pcidn: Warn when sriov pci_dn management is used incorrectly
2020-01-23 21:31:19 +11:00
pci_of_scan.c
powerpc/pci: Remove pcibios_setup_bus_devices()
2020-01-06 16:25:29 +11:00
pci-common.c
powerpc updates for 5.7
2020-04-05 11:12:59 -07:00
pci-hotplug.c
powerpc/eeh: Do early EEH init only when required
2020-03-25 12:09:38 +11:00
pmc.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
ppc32.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
ppc_save_regs.S
powerpc: Improve ppc_save_regs()
2020-04-04 21:40:57 +11:00
proc_powerpc.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
process.c
powerpc/64s: Implement interrupt exit logic in C
2020-04-01 13:42:14 +11:00
prom_init_check.sh
powerpc/prom_init: Undo relocation before entering secure mode
2019-10-29 15:12:17 +11:00
prom_init.c
powerpc/prom_init: Remove leftover comment
2020-03-25 21:15:01 +11:00
prom_parse.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
prom.c
powerpc/fadump: add support to preserve crash data on FADUMP disabled kernel
2019-09-14 00:04:45 +10:00
reloc_32.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
reloc_64.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
rtas_flash.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
rtas_pci.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
rtas-proc.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
rtas-rtc.c
powerpc: use time64_t in read_persistent_clock
2018-06-03 20:43:33 +10:00
rtas.c
powerpc/rtas: allow rescheduling while changing cpu states
2019-08-20 21:22:27 +10:00
rtasd.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
secure_boot.c
powerpc: Detect the trusted boot state of the system
2019-11-12 12:25:49 +11:00
security.c
powerpc updates for 5.5
2019-11-30 14:35:43 -08:00
secvar-ops.c
powerpc/powernv: Add OPAL API interface to access secure variable
2019-11-13 00:33:22 +11:00
secvar-sysfs.c
powerpc: expose secure variables to userspace via sysfs
2019-11-13 00:33:22 +11:00
setup_32.c
powerpc/32: drop unused ISA_DMA_THRESHOLD
2020-04-01 14:30:50 +11:00
setup_64.c
powerpc/setup_64: Set cache-line-size based on cache-block-size
2020-04-21 18:01:06 +10:00
setup-common.c
powerpc/kernel: no need to check return value of debugfs_create functions
2020-03-04 22:44:25 +11:00
setup.h
powerpc/64: Prevent stack protection in early boot
2020-03-25 12:09:38 +11:00
signal_32.c
powerpc: move common register copy functions from signal_32.c to signal.c
2020-04-03 00:09:59 +11:00
signal_64.c
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
2020-04-01 13:42:00 +11:00
signal.c
powerpc/64: make buildable without CONFIG_COMPAT
2020-04-03 00:10:00 +11:00
signal.h
powerpc/64/sycall: Implement syscall entry/exit logic in C
2020-04-01 13:42:13 +11:00
smp-tbsync.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
smp.c
powerpc/smp: Use IS_ENABLED() to avoid #ifdef
2020-03-27 01:15:09 +11:00
stacktrace.c
powerpc: Rename current_stack_pointer() to current_stack_frame()
2020-03-04 22:44:28 +11:00
suspend.c
PM: hibernate: powerpc: Expose pfn_is_nosave() prototype
2019-06-14 10:48:56 +02:00
swsusp_32.S
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
2019-06-19 20:05:07 +10:00
swsusp_64.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505
2019-06-19 17:11:22 +02:00
swsusp_asm64.S
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 505
2019-06-19 17:11:22 +02:00
swsusp_booke.S
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
swsusp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
sys_ppc32.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
syscall_64.c
powerpc/64/kuap: Move kuap checks out of MSR[RI]=0 regions of exit code
2020-05-04 09:22:58 +10:00
syscalls.c
y2038: syscalls: change remaining timeval to __kernel_old_timeval
2019-11-15 14:38:29 +01:00
sysfs.c
powerpc/kernel/sysfs: Add new config option PMU_SYSFS to enable PMU SPRs sysfs file creation
2020-03-04 22:44:28 +11:00
systbl_chk.sh
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
systbl.S
powerpc/64/sycall: Implement syscall entry/exit logic in C
2020-04-01 13:42:13 +11:00
tau_6xx.c
powerpc/tau: Make some function static
2018-05-25 12:04:44 +10:00
time.c
Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled"
2020-04-03 16:55:34 +11:00
tm.S
powerpc/tm: update comment about interrupt re-entrancy
2019-07-02 21:39:49 +10:00
traps.c
powerpc/kernel: no need to check return value of debugfs_create functions
2020-03-04 22:44:25 +11:00
ucall.S
powerpc/kernel: Add ucall_norets() ultravisor call handler
2019-08-30 09:40:15 +10:00
udbg_16550.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
udbg.c
powerpc/udbg: Make it safe to call udbg_printf() always
2019-10-11 19:33:25 +11:00
uprobes.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156
2019-05-30 11:26:35 -07:00
vdso.c
powerpc/64: make buildable without CONFIG_COMPAT
2020-04-03 00:10:00 +11:00
vecemu.c
powerpc: Add a missing include header
2018-05-25 12:04:46 +10:00
vector.S
powerpc/64s: Implement interrupt exit logic in C
2020-04-01 13:42:14 +11:00
vmlinux.lds.S
powerpc updates for 5.7
2020-04-05 11:12:59 -07:00
watchdog.c
powerpc/watchdog: Use hrtimers for per-CPU heartbeat
2019-04-30 11:31:02 +10:00