mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
synced 2026-04-18 03:23:53 -04:00
ba199dc909
Enables an IPE policy to be enforced from kernel start, enabling access control based on trust from kernel startup. This is accomplished by transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a c-string literal that is parsed at kernel startup as an unsigned policy. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
29 lines
637 B
Makefile
29 lines
637 B
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
|
|
#
|
|
# Makefile for building the IPE module as part of the kernel tree.
|
|
#
|
|
|
|
quiet_cmd_polgen = IPE_POL $(2)
|
|
cmd_polgen = scripts/ipe/polgen/polgen security/ipe/boot_policy.c $(2)
|
|
|
|
targets += boot_policy.c
|
|
|
|
$(obj)/boot_policy.c: scripts/ipe/polgen/polgen $(CONFIG_IPE_BOOT_POLICY) FORCE
|
|
$(call if_changed,polgen,$(CONFIG_IPE_BOOT_POLICY))
|
|
|
|
obj-$(CONFIG_SECURITY_IPE) += \
|
|
boot_policy.o \
|
|
digest.o \
|
|
eval.o \
|
|
hooks.o \
|
|
fs.o \
|
|
ipe.o \
|
|
policy.o \
|
|
policy_fs.o \
|
|
policy_parser.o \
|
|
audit.o \
|
|
|
|
clean-files := boot_policy.c \
|