3 files changed, 6 insertions, 3 deletions

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 90c12c591168..2aa1b6e74aca 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1292,7 +1292,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                         Set number of hash buckets for inode cache.
 
         ima_appraise=   [IMA] appraise integrity measurements
-                        Format: { "off" | "enforce" | "fix" }
+                        Format: { "off" | "enforce" | "fix" | "log" }
                         default: "enforce"
 
         ima_appraise_tcb [IMA]
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 8e4bb883fc13..d61680dcd365 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -159,8 +159,9 @@ void ima_delete_rules(void);
 /* Appraise integrity measurements */
 #define IMA_APPRAISE_ENFORCE    0x01
 #define IMA_APPRAISE_FIX        0x02
-#define IMA_APPRAISE_MODULES    0x04
-#define IMA_APPRAISE_FIRMWARE   0x08
+#define IMA_APPRAISE_LOG        0x04
+#define IMA_APPRAISE_MODULES    0x08
+#define IMA_APPRAISE_FIRMWARE   0x10
 
 #ifdef CONFIG_IMA_APPRAISE
 int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 013ec3f0e42d..2dc13fbb7e91 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -23,6 +23,8 @@ static int __init default_appraise_setup(char *str)
 {
         if (strncmp(str, "off", 3) == 0)
                 ima_appraise = 0;
+        else if (strncmp(str, "log", 3) == 0)
+                ima_appraise = IMA_APPRAISE_LOG;
         else if (strncmp(str, "fix", 3) == 0)
                 ima_appraise = IMA_APPRAISE_FIX;
         return 1;