summaryrefslogtreecommitdiff
path: root/security/integrity/ima/ima_efi.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-07-14 12:15:42 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2022-07-14 12:15:42 -0700
commit4adfa865bb972d38d35a6fb19e59a86074d25a75 (patch)
treeaa4066c79584b87b4261e602d5573f1d8b97e2dd /security/integrity/ima/ima_efi.c
parent2eb5866cac07121b0990d0af5085e36ca5b1ccad (diff)
parent067d2521874135267e681c19d42761c601d503d6 (diff)
Merge tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity fixes from Mimi Zohar: "Here are a number of fixes for recently found bugs. Only 'ima: fix violation measurement list record' was introduced in the current release. The rest address existing bugs" * tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: Fix potential memory leak in ima_init_crypto() ima: force signature verification when CONFIG_KEXEC_SIG is configured ima: Fix a potential integer overflow in ima_appraise_measurement ima: fix violation measurement list record Revert "evm: Fix memleak in init_desc"
Diffstat (limited to 'security/integrity/ima/ima_efi.c')
-rw-r--r--security/integrity/ima/ima_efi.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c
index 71786d01946f..9db66fe310d4 100644
--- a/security/integrity/ima/ima_efi.c
+++ b/security/integrity/ima/ima_efi.c
@@ -67,6 +67,8 @@ const char * const *arch_get_ima_policy(void)
if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
if (IS_ENABLED(CONFIG_MODULE_SIG))
set_module_sig_enforced();
+ if (IS_ENABLED(CONFIG_KEXEC_SIG))
+ set_kexec_sig_enforced();
return sb_arch_rules;
}
return NULL;
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-02 03:12:56 +0000