git.baikalelectronics.ru Git - kernel.git/commit
ima: Implement support for module-style appended signatures
author Thiago Jung Bauermann <bauerman@linux.ibm.com>
Fri, 28 Jun 2019 02:19:30 +0000 (23:19 -0300)
committer Mimi Zohar <zohar@linux.ibm.com>
Mon, 5 Aug 2019 22:40:23 +0000 (18:40 -0400)
commit 782d3948f18fb8886d44b74dfee7b91f91063173
tree 5ab235d361dcf9671a715f4fa38259789fa68e3f
parent 0f75519caef9584b148926c0fb4e440a282576df
ima: Implement support for module-style appended signatures

Implement the appraise_type=imasig|modsig option, allowing IMA to read and
verify modsig signatures.

In case a file has both an xattr signature and an appended modsig, IMA will
only use the appended signature if the key used by the xattr signature
isn't present in the IMA or platform keyring.

Because modsig verification needs to convert from an integrity keyring id
to the keyring itself, add an integrity_keyring_from_id() function in
digsig.c so that integrity_modsig_verify() can use it.

Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
security/integrity/digsig.c
security/integrity/ima/Kconfig
security/integrity/ima/ima.h
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_modsig.c
security/integrity/ima/ima_policy.c
security/integrity/integrity.h
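
The commit message above refers to module-style appended signatures. The following is an added example, not code from this commit: a userspace C sketch of how such a trailer is located and sanity-checked at the end of a file before the PKCS#7 blob is handed to a verifier. The function name `modsig_locate`, the struct name and the return codes are assumptions made for the illustration; the marker string and the 12-byte descriptor layout are those of the Linux module signing format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODSIG_MARKER "~Module signature appended~\n"
#define PKEY_ID_PKCS7 2

struct modsig_info {          /* 12 bytes, sits just before the marker */
    uint8_t algo, hash, id_type, signer_len, key_id_len, pad[3];
    uint8_t sig_len_be[4];    /* PKCS#7 blob length, big-endian */
};

/*
 * Hypothetical helper: locate the appended signature in buf.
 * On success returns 0, points *sig / *sig_len at the PKCS#7 blob and sets
 * *content_len to the length of the data in front of the signature.
 * Returns -1 if there is no marker, -2 if the trailer is malformed.
 */
int modsig_locate(const uint8_t *buf, size_t len, const uint8_t **sig,
                  size_t *sig_len, size_t *content_len)
{
    const size_t mlen = sizeof(MODSIG_MARKER) - 1;
    struct modsig_info ms;
    size_t slen;

    if (len <= mlen || memcmp(buf + len - mlen, MODSIG_MARKER, mlen))
        return -1;
    len -= mlen;
    if (len < sizeof(ms))
        return -2;
    memcpy(&ms, buf + len - sizeof(ms), sizeof(ms));
    len -= sizeof(ms);

    slen = ((size_t)ms.sig_len_be[0] << 24) | ((size_t)ms.sig_len_be[1] << 16) |
           ((size_t)ms.sig_len_be[2] << 8) | ms.sig_len_be[3];
    /* The length field is file-controlled: it must leave room for content. */
    if (slen == 0 || slen >= len)
        return -2;
    /* Only PKCS#7 is defined; every other descriptor field must be zero. */
    if (ms.id_type != PKEY_ID_PKCS7 || ms.algo || ms.hash ||
        ms.signer_len || ms.key_id_len || ms.pad[0] || ms.pad[1] || ms.pad[2])
        return -2;

    *sig = buf + len - slen;
    *sig_len = slen;
    *content_len = len - slen;
    return 0;
}
```

The `-1` result is the case where a verifier has only an xattr signature to work with; `-2` means a marker is present but the trailer must be rejected rather than parsed further.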