en Copyright 2015 Java http://172.16.0.5:8080/history/linux-6.15/security/ipe/#6df401a2 ipe: policy_fs: fix kernel-doc warningsUse the "struct" keyword in kernel-doc when describing structipefs_file. Add kernel-doc for the struct members also.Don't use kernel-doc notation for 'policy_subdir'. kernel-doc doesnot support documentation comments for data definitions.This eliminates multiple kernel-doc warnings:security/ipe/policy_fs.c:21: warning: cannot understand function prototype: 'struct ipefs_file 'security/ipe/policy_fs.c:407: warning: cannot understand function prototype: 'const struct ipefs_file policy_subdir[] = 'Signed-off-by: Randy Dunlap <rdunlap@infradead.org>Cc: Fan Wu <wufan@kernel.org>Cc: Paul Moore <paul@paul-moore.com>Cc: James Morris <jmorris@namei.org>Cc: Serge E. Hallyn <serge@hallyn.com>Cc: linux-security-module@vger.kernel.orgSigned-off-by: Fan Wu <wufan@kernel.org> List of files: /linux-6.15/security/ipe/policy_fs.c Sat, 11 Jan 2025 06:00:00 +0000 Randy Dunlap <rdunlap@infradead.org> http://172.16.0.5:8080/history/linux-6.15/security/ipe/#ba199dc9 scripts: add boot policy generation programEnables an IPE policy to be enforced from kernel start, enabling accesscontrol based on trust from kernel startup. This is accomplished bytransforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into ac-string literal that is parsed at kernel startup as an unsigned policy.Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>Signed-off-by: Fan Wu <wufan@linux.microsoft.com>Signed-off-by: Paul Moore <paul@paul-moore.com> List of files: /linux-6.15/security/ipe/fs.c Sat, 03 Aug 2024 06:00:00 +0000 Deven Bowers <deven.desai@linux.microsoft.com> http://172.16.0.5:8080/history/linux-6.15/security/ipe/#31f8c868 ipe: enable support for fs-verity as a trust providerEnable IPE policy authors to indicate trust for a singular fsverityfile, identified by the digest information, through "fsverity_digest"and all files using valid fsverity builtin signatures via"fsverity_signature".This enables file-level integrity claims to be expressed in IPE,allowing individual files to be authorized, giving some flexibilityfor policy authors. Such file-level claims are important to be expressedfor enforcing the integrity of packages, as well as address some of thescalability issues in a sole dm-verity based solution (# of loop backdevices, etc).This solution cannot be done in userspace as the minimum threat thatIPE should mitigate is an attacker downloads malicious payload withall required dependencies. These dependencies can lack the userspacecheck, bypassing the protection entirely. A similar attack succeeds ifthe userspace component is replaced with a version that does notperform the check. As a result, this can only be done in the commonentry point - the kernel.Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>Signed-off-by: Fan Wu <wufan@linux.microsoft.com>Signed-off-by: Paul Moore <paul@paul-moore.com> List of files: /linux-6.15/security/ipe/audit.c Sat, 03 Aug 2024 06:00:00 +0000 Fan Wu <wufan@linux.microsoft.com> http://172.16.0.5:8080/history/linux-6.15/security/ipe/#f40998a8 ipe: fallback to platform keyring also if key in trusted keyring is rejectedIf enabled, we fallback to the platform keyring if the trusted keyringdoesn't have the key used to sign the ipe policy. But if pkcs7_verify()rejects the key for other reasons, such as usage restrictions, we do notfallback. Do so, following the same change in dm-verity.Signed-off-by: Luca Boccassi <bluca@debian.org>Suggested-by: Serge Hallyn <serge@hallyn.com>[FW: fixed some line length issues and a typo in the commit message]Signed-off-by: Fan Wu <wufan@kernel.org> List of files: /linux-6.15/security/ipe/policy.c Fri, 27 Sep 2024 08:00:00 +0000 Luca Boccassi <bluca@debian.org>