mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-11-01 17:08:10 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/integrity
History
Mimi Zohar 54f03916fb ima: permit fsverity's file digests in the IMA measurement list 
Permit fsverity's file digest (a hash of struct fsverity_descriptor) to
be included in the IMA measurement list, based on the new measurement
policy rule 'digest_type=verity' option.

To differentiate between a regular IMA file hash from an fsverity's
file digest, use the new d-ngv2 format field included in the ima-ngv2
template.

The following policy rule requires fsverity file digests and specifies
the new 'ima-ngv2' template, which contains the new 'd-ngv2' field.  The
policy rule may be constrained, for example based on a fsuuid or LSM
label.

measure func=FILE_CHECK digest_type=verity template=ima-ngv2

Acked-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-05-05 11:49:13 -04:00
..
evm EVM: fix the evm= __setup handler return value 2022-02-22 18:11:33 -05:00
ima ima: permit fsverity's file digests in the IMA measurement list 2022-05-05 11:49:13 -04:00
platform_certs integrity: Only use machine keyring when uefi_check_trust_mok_keys is true 2022-03-08 13:55:52 +02:00
digsig.c integrity: Only use machine keyring when uefi_check_trust_mok_keys is true 2022-03-08 13:55:52 +02:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity.h ima: permit fsverity's file digests in the IMA measurement list 2022-05-05 11:49:13 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
Kconfig integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00