Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp4169596pxb; Tue, 25 Jan 2022 05:04:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJzAatZ18NMBoHMYCyP7UZ8G1pvNCxDdz9Tv4EigeMeGXZ7QPLDpKr3/GZUdNI8cb3vHSc2d X-Received: by 2002:a17:902:ce91:b0:14b:42a0:8adf with SMTP id f17-20020a170902ce9100b0014b42a08adfmr11330598plg.1.1643115852429; Tue, 25 Jan 2022 05:04:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643115852; cv=none; d=google.com; s=arc-20160816; b=KosI7fVrWJkQe+AFVVQJQVbtc/k9AumUUf+wX5XiV1Jb1eouX80UhknxiUVbPKvG5I dzvT2yhbSJUZ/gDJB3OFPGGRl8XuQtmFhnSuX4piCrDgNEwGkpPO1DGppNB6OpqzpSIJ LYMoOr6tLUyzDfL6MhZ6pJkVGAr/ZKjVkJlNOmeyl6ot8QWHdxmY8Tar7vBq60w6jCT6 /AAgRhI1YhsfGShqGzLU59FaG37+uvBQEgKRIB+y6Mlkefzqp+iB/0aFxF6v8owB2vKf 0ctBm9K69iAanuOIgrR/eHM8Xs+Ay06T0UPEwJzYYd+hnvAdsPUolPWpehprGthbs85I dQRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from; bh=CkxbJsiCwWL+Y/sNeUKQA79sPSg3SwLas2UqcvzaTbU=; b=wR30QZZJBqq2OaxHEBm//+RoIULxq6Rl0N5qJaBLEAjVwKRGk2fv4gBxnvCyILYrfc NWQo6Xtf/CQzgqk1Wlh+L7oDxuxhZaXsdSo/wCzI76uJR0n+LO7KJxwHpYw18+21QKOZ RKJ6yVR+yfSv2Xe+hPnBFgSpTTyRc111HUdCxlSUcXRF1dmE7Fh/3dLDtWf+SEPiqYBa 6SUdI5shCvUgsX8Zc1eBiU6u9oFcs6tAKkmHb5JEWB4qvW7ToDsosrXEIa7ArULiXVF2 OjnQdHqt4YtkBiK+WF8i4z2ROUQM4cZfxr5dMLsQq7psGJONuH8oBbGCt5Um8FL2T71J 4Alw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 198si7144609pgc.799.2022.01.25.05.03.59; Tue, 25 Jan 2022 05:04:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1355420AbiAYJIS (ORCPT + 99 others); Tue, 25 Jan 2022 04:08:18 -0500 Received: from szxga02-in.huawei.com ([45.249.212.188]:30302 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1455056AbiAYJCb (ORCPT ); Tue, 25 Jan 2022 04:02:31 -0500 Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.53]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4Jjgnr4cngzbkG3; Tue, 25 Jan 2022 17:01:36 +0800 (CST) Received: from huawei.com (10.67.175.31) by dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 25 Jan 2022 17:02:26 +0800 From: GUO Zihua To: , CC: , , , , , , Subject: [RESEND][PATCH] Documentation: added order requirement for ima_hash= Date: Tue, 25 Jan 2022 17:02:37 +0800 Message-ID: <20220125090237.120357-1-guozihua@huawei.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.67.175.31] X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To dggpemm500024.china.huawei.com (7.185.36.203) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Guo Zihua Commandline parameter ima_hash= and ima_template= has order requirement for them to work correctly together. Namely ima_hash= must be specified after ima_template=, otherwise ima_template= will be ignored. The reason is that when handling ima_hash=, ima template would be set to the default value if it has not been initialized already, and that value cannot be changed afterwards by ima_template=. This patch adds this limitation to the documentation. Reviewed-by: Roberto Sassu Signed-off-by: Guo Zihua --- Documentation/admin-guide/kernel-parameters.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index f5a27f067db9..1b5aa6ca65f8 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -1843,6 +1843,10 @@ The list of supported hash algorithms is defined in crypto/hash_info.h. + This parameter must be specified after ima_template=, + as it would set the default template and that cannot be + changed by ima_template= afterwards. + ima_policy= [IMA] The builtin policies to load during IMA setup. Format: "tcb | appraise_tcb | secure_boot | @@ -1879,6 +1883,9 @@ Formats: { "ima" | "ima-ng" | "ima-sig" } Default: "ima-ng" + This parameter must be specified before ima_hash=. + Please refer to ima_hash= for further explanation. + ima_template_fmt= [IMA] Define a custom template format. Format: { "field1|...|fieldN" } -- 2.17.1