On Mon, Jun 22, 2020 at 03:01:27PM -0400, Nayna wrote:
On 6/22/20 1:27 PM, Bruno Meneguele wrote:
IMA_APPRAISE_BOOTPARAM has been marked as dependent on !IMA_ARCH_POLICY in compile time, enforcing the appraisal whenever the kernel had the arch policy option enabled.
However it breaks systems where the option is actually set but the system wasn't booted in a "secure boot" platform. In this scenario, anytime the an appraisal policy (i.e. ima_policy=appraisal_tcb) is used it will be forced, giving no chance to the user set the 'fix' state (ima_appraise=fix) to actually measure system's files.
This patch remove this compile time dependency and move it to a runtime decision, based on the arch policy loading failure/success.
Thanks for looking at this.
For arch specific policies, kernel signature verification is enabled based on the secure boot state of the system. Perhaps, enforce the appraisal as well based on if secure boot is enabled.
Thanks & Regards,
That's a good point.
I'm going to take another look and see where the check fits better and come back with a new patch(set).
Thanks Nayna.