On Tue, 2016-01-19 at 16:10 -0800, Kees Cook wrote:

On Mon, Jan 18, 2016 at 7:11 AM, Mimi Zohar [off-list ref] wrote:

quoted

Replace fw_read_file_contents() for reading a file with the common VFS
kernel_read_file() function.  A benefit of calling kernel_read_file()
to read the firmware is the firmware is read only once, instead of once
for measuring/appraising the firmware and again for reading the file
contents into memory.

This patch retains the kernel_fw_from_file() hook, which is called from
security_kernel_post_read_file(), but removes the
sercurity_kernel_fw_from_file() function.

Changelog:
- reordered and squashed firmware patches
- fix MAX firmware size (Kees Cook)

Signed-off-by: Mimi Zohar <redacted>

Reviewed-by: Kees Cook <redacted>

Thanks!

Mimi