The integrity policy enforcement security module
There are many ways to try to keep a system secure. One of those, often employed in embedded or other dedicated-purpose systems, is to try to ensure that only code that has been approved (by whoever holds that power over the system in question) can be executed. The secure boot mechanism, which is intended to keep a computer from booting anything but a trusted kernel, is one piece of this puzzle, but its protection only extends through the process of booting the kernel itself. Various mechanisms exist for protecting a system after it boots; a new option for this stage is the Integrity Policy Enforcement (IPE) security module, posted by Deven Bowers.