mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00

Deven Bowers 54a88cd259 ipe: add policy parser

IPE's interpretation of the what the user trusts is accomplished through
its policy. IPE's design is to not provide support for a single trust
provider, but to support multiple providers to enable the end-user to
choose the best one to seek their needs.

This requires the policy to be rather flexible and modular so that
integrity providers, like fs-verity, dm-verity, or some other system,
can plug into the policy with minimal code changes.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: added NULL check in parse_rule() as discussed]
Signed-off-by: Paul Moore <paul@paul-moore.com>

2024-08-20 14:01:00 -04:00

251 B

Raw Blame History

SPDX-License-Identifier: GPL-2.0

Makefile for building the IPE module as part of the kernel tree.

obj-$(CONFIG_SECURITY_IPE) +=
ipe.o
policy.o
policy_parser.o \

251 B Raw Blame History

SPDX-License-Identifier: GPL-2.0

Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.

Makefile for building the IPE module as part of the kernel tree.

251 B

Raw Blame History