Skip to content

Commit fd90bc5

Browse files
author
Mimi Zohar
committed
ima: based on policy verify firmware signatures (pre-allocated buffer)
Don't differentiate, for now, between kernel_read_file_id READING_FIRMWARE and READING_FIRMWARE_PREALLOC_BUFFER enumerations. Fixes: a098ecd firmware: support loading into a pre-allocated buffer (since 4.8) Signed-off-by: Mimi Zohar <[email protected]> Cc: Luis R. Rodriguez <[email protected]> Cc: David Howells <[email protected]> Cc: Kees Cook <[email protected]> Cc: Serge E. Hallyn <[email protected]> Cc: Stephen Boyd <[email protected]>
1 parent f1b08bb commit fd90bc5

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

security/integrity/ima/ima_main.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -447,6 +447,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
447447

448448
static int read_idmap[READING_MAX_ID] = {
449449
[READING_FIRMWARE] = FIRMWARE_CHECK,
450+
[READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK,
450451
[READING_MODULE] = MODULE_CHECK,
451452
[READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK,
452453
[READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK,

0 commit comments

Comments
 (0)