mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-05 05:15:23 +02:00

Deven Bowers ba199dc909 scripts: add boot policy generation program

Enables an IPE policy to be enforced from kernel start, enabling access
control based on trust from kernel startup. This is accomplished by
transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
c-string literal that is parsed at kernel startup as an unsigned policy.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

2024-08-20 14:03:39 -04:00

637 B

Raw Blame History

SPDX-License-Identifier: GPL-2.0

Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.

Makefile for building the IPE module as part of the kernel tree.

quiet_cmd_polgen = IPE_POL $(2) cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot_policy.c $(2)

targets += boot_policy.c

$(obj)/boot_policy.c: scripts/ipe/polgen/polgen $(CONFIG_IPE_BOOT_POLICY) FORCE $(call if_changed,polgen,$(CONFIG_IPE_BOOT_POLICY))

obj-$(CONFIG_SECURITY_IPE) +=
boot_policy.o
digest.o
eval.o
hooks.o
fs.o
ipe.o
policy.o
policy_fs.o
policy_parser.o
audit.o \

clean-files := boot_policy.c \

637 B Raw Blame History

SPDX-License-Identifier: GPL-2.0

Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.

Makefile for building the IPE module as part of the kernel tree.

637 B

Raw Blame History