ima: update builtin policies

[firefly-linux-kernel-4.4.55.git] / Documentation / kernel-parameters.txt

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index f6befa9855c128b193620cd83a0d654a9e5428df..807b765087d4cb5b7ee4874d75ba1cba4772e082 100644 (file)
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1398,7 +1398,15 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                        The list of supported hash algorithms is defined
                        in crypto/hash_info.h.
 
-       ima_tcb         [IMA]
+       ima_policy=     [IMA]
+                       The builtin measurement policy to load during IMA
+                       setup.  Specyfing "tcb" as the value, measures all
+                       programs exec'd, files mmap'd for exec, and all files
+                       opened with the read mode bit set by either the
+                       effective uid (euid=0) or uid=0.
+                       Format: "tcb"
+
+       ima_tcb         [IMA] Deprecated.  Use ima_policy= instead.
                        Load a policy which meets the needs of the Trusted
                        Computing Base.  This means IMA will measure all
                        programs exec'd, files mmap'd for exec, and all files
@@ -1406,7 +1414,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 
        ima_template=   [IMA]
                        Select one of defined IMA measurements template formats.
-                       Formats: { "ima" | "ima-ng" }
+                       Formats: { "ima" | "ima-ng" | "ima-sig" }
                        Default: "ima-ng"
 
        ima_template_fmt=