git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'integrity-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar...
[sfrench/cifs-2.6.git] / security / integrity / ima / ima_appraise.c
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index a9649b04b9f1d8acb47ea5f80f20b2b09703f6a3..372d163829606d0a16b675c88c13cde551f40b01 100644 (file)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -19,6 +19,12 @@
 static int __init default_appraise_setup(char *str)
 {
 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
+       if (arch_ima_get_secureboot()) {
+               pr_info("Secure boot enabled: ignoring ima_appraise=%s boot parameter option",
+                       str);
+               return 1;
+       }
+
        if (strncmp(str, "off", 3) == 0)
                ima_appraise = 0;
        else if (strncmp(str, "log", 3) == 0)
@@ -328,7 +334,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,
 
                rc = is_binary_blacklisted(digest, digestsize);
                if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
-                       process_buffer_measurement(digest, digestsize,
+                       process_buffer_measurement(NULL, digest, digestsize,
                                                   "blacklisted-hash", NONE,
                                                   pcr, NULL);
        }
Unnamed repository; edit this file 'description' to name the repository.