• Dmitry Kasatkin's avatar
    integrity: define '.evm' as a builtin 'trusted' keyring · f4dc3778
    Dmitry Kasatkin authored
    Require all keys added to the EVM keyring be signed by an
    existing trusted key on the system trusted keyring.
    
    This patch also switches IMA to use integrity_init_keyring().
    
    Changes in v3:
    * Added 'init_keyring' config based variable to skip initializing
      keyring instead of using  __integrity_init_keyring() wrapper.
    * Added dependency back to CONFIG_IMA_TRUSTED_KEYRING
    
    Changes in v2:
    * Replace CONFIG_EVM_TRUSTED_KEYRING with IMA and EVM common
      CONFIG_INTEGRITY_TRUSTED_KEYRING configuration option
    * Deprecate CONFIG_IMA_TRUSTED_KEYRING but keep it for config
      file compatibility. (Mimi Zohar)
    Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@huawei.com>
    Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
    f4dc3778
evm_main.c 13.8 KB