Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorri...
[muen/linux.git] / Documentation / admin-guide / kernel-parameters.txt
index 683145d7b054df49b5994e66bbf94e5a591b40a0..9a3edf7e901ab331e2b005593d15f43d11cae9b3 100644 (file)
 
        ima_policy=     [IMA]
                        The builtin policies to load during IMA setup.
-                       Format: "tcb | appraise_tcb | secure_boot"
+                       Format: "tcb | appraise_tcb | secure_boot |
+                                fail_securely"
 
                        The "tcb" policy measures all programs exec'd, files
                        mmap'd for exec, and all files opened with the read
                        of files (eg. kexec kernel image, kernel modules,
                        firmware, policy, etc) based on file signatures.
 
+                       The "fail_securely" policy forces file signature
+                       verification failure also on privileged mounted
+                       filesystems with the SB_I_UNVERIFIABLE_SIGNATURE
+                       flag.
+
        ima_tcb         [IMA] Deprecated.  Use ima_policy= instead.
                        Load a policy which meets the needs of the Trusted
                        Computing Base.  This means IMA will measure all