author: Stefan Berger <stefanb@linux.ibm.com> 2023-11-01 13:13:17 -0400
committer: Armin Kuster <akuster808@gmail.com> 2023-11-08 07:09:28 -0500
commit: 070a1e82cc59424d230a23c0b2a104b01fbaa2ad
tree: f43c72719aba5e78759a903bb78d0892a8e51730 /dynamic-layers/meta-python
parent: 9769990db3ca6dae405049b632966cd6e08a8ada
download: meta-security-070a1e82cc59424d230a23c0b2a104b01fbaa2ad.tar.gz
ima,evm: Add two variables to write filenames and signatures into
Add two variables IMA_FILE_SIGNATURES_FILE and EVM_FILE_SIGNATURES_FILE for filenames where the ima_evm_sign_rootfs script can write the names of files and their IMA or EVM signatures into. Both variables are optional.

The content of the file with IMA signatures may look like this:

    /usr/bin/gpiodetect ima:0x0302046730eefd...
    /usr/bin/pwscore ima:0x0302046730eefd004...

Having the filenames along with their signatures is useful for signing files in the initrd when the initrd is running out of a tmpfs filesystem that has support for xattrs. This allows to enable an IMA appraisal policy already in the initrd where files must be signed as soon as the policy becomes active.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'dynamic-layers/meta-python')
0 files changed, 0 insertions, 0 deletions
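
As an added example (not part of this commit or of meta-security), the sketch below sanity-checks a file in the `<path> ima:0x<hex>` layout from the commit message before its values are written as `security.ima` xattrs in an initrd. It assumes each value is a version 2 IMA signature (type, version, hash algorithm, 4-byte key id, 2-byte signature size, signature); `parse_line`, `check_file` and the sample entries are hypothetical and constructed.

```python
import struct

# Constructed sample in the "<path> ima:0x<hex>" layout shown in the commit
# message. Signature bodies are dummy bytes; the second entry is cut short.
SAMPLE = "\n".join([
    "/usr/bin/gpiodetect ima:0x0302046730eefd0008" + "ab" * 8,
    "/usr/bin/pwscore ima:0x0302046730eefd0008" + "cd" * 7,
]) + "\n"

EVM_IMA_XATTR_DIGSIG = 0x03  # first xattr byte: value is a digital signature
HASH_ALGOS = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}  # enum hash_algo
HDR = struct.Struct(">BBBIH")  # type, version, hash_algo, keyid, sig_size


def parse_line(line):
    """Return (path, xattr_bytes, info) for one line, or raise ValueError."""
    path, sep, hexval = line.rpartition(" ima:0x")
    if not sep or not path.startswith("/"):
        raise ValueError("expected '<absolute path> ima:0x<hex>'")
    raw = bytes.fromhex(hexval)  # ValueError on non-hex or odd length
    if len(raw) < HDR.size:
        raise ValueError("value shorter than signature header")
    xtype, version, algo, keyid, sig_size = HDR.unpack_from(raw)
    if xtype != EVM_IMA_XATTR_DIGSIG or version != 2:
        raise ValueError("not a version 2 signature xattr")
    if algo not in HASH_ALGOS:
        raise ValueError(f"unexpected hash algorithm id {algo}")
    if sig_size != len(raw) - HDR.size:
        raise ValueError("sig_size does not match value length (truncated?)")
    return path, raw, {"hash": HASH_ALGOS[algo], "keyid": f"{keyid:08x}"}


def check_file(text):
    """Split entries into (good, bad); bad holds (line_number, reason)."""
    good, bad = [], []
    for num, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            good.append(parse_line(line))
        except ValueError as exc:
            bad.append((num, str(exc)))
    return good, bad


if __name__ == "__main__":
    good, bad = check_file(SAMPLE)
    for path, raw, info in good:
        # In the initrd: os.setxattr(path, "security.ima", raw)
        print(path, info, len(raw), "bytes")
    for num, reason in bad:
        print(f"line {num}: rejected: {reason}")
```

Rejecting a truncated or malformed entry before the appraisal policy becomes active matters because a file carrying a bad `security.ima` value will fail appraisal once enforcement starts.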