    integrity: provide a hook to load keys when rootfs is ready · c9cd2ce2
    Dmitry Kasatkin authored
    Keys can only be loaded once the rootfs is mounted. Initcalls
    are not suitable for that. This patch defines a special hook
    to load the x509 public keys onto the IMA keyring, before
    attempting to access any file. The keys are required for
    verifying the file's signature. The hook is called after the
    root filesystem is mounted and before the kernel calls 'init'.
    
    Changes in v3:
    * added more explanation to the patch description (Mimi)
    
    Changes in v2:
    * Hook renamed as 'integrity_load_keys()' to handle both IMA and EVM
      keys by integrity subsystem.
    * Hook patch moved after defining loading functions
    Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
    Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
integrity.h 1.02 KB