Am Donnerstag, 20. April 2017, 08:13:23 BRT schrieb Mimi Zohar:
> On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> > If the func_tokens array uses the same indices as enum ima_hooks,
> > policy_func_show can be a lot simpler, and the func_* enum becomes
> >
Am Donnerstag, 20. April 2017, 15:37:37 BRT schrieb David Howells:
> Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> > On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> > > IMA will use the module_signature format for append signatures, so
> > > expo
eferencing pointer to
> >> incomplete type 'const struct key'
> return key->payload.data[asym_key_ids];
>^~
This happens with CONFIG_IMA_APPRAISE=y and CONFIG_KEYS=n.
Fixed by only including the new header files in ima_appraise.c if
CONFIG_IMA_APPRAISE_APPENDED_SIG=y
are cleanups and improvements that can be taken
independently from the others (and from each other as well). The last two
are the ones actually focused on this feature.
These patches apply on top of today's linux-security/next.
Thiago Jung Bauermann (6):
integrity: Small code improvements
ima
validate_module_signature without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
include/linux/module_signature.h | 45
init/Kconfig | 6 +++-
kernel/Makefile | 2 +-
kernel/module_sig
Strictly speaking, boot_aggregate_name is a constant string, not a
modifiable pointer to a constant string.
Also, constify mask_tokens and func_tokens arrays.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_init.c | 2 +-
security/int
If the file doesn't have an xattr, ima_appraise_measurement sets cause to
"missing-hash" while if there's an xattr but it's a digest instead of a
signature it sets cause to "IMA-signature-required".
Fix it by setting cause to "IMA-signature-required" in both case
in
CONFIG_IMA_APPRAISE_APPENDED_SIG, because CONFIG_MODULE_SIG_FORMAT selects
CONFIG_KEYS and Kconfig complains that CONFIG_INTEGRITY_SIGNATURE depends
on it.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
crypto/asymmetric_keys/asymmetric_type.c | 1 +
crypto/asymmetri
If the func_tokens array uses the same indices as enum ima_hooks,
policy_func_show can be a lot simpler, and the func_* enum becomes
unnecessary.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_policy.
to use a cast if they provide a buffer
that isn't a char *.
Also, add missing fall through comment in ima_appraise.c.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig_asymmetric.c | 4 ++--
security/integrity/iint.c | 2 +-
se
Am Freitag, 21. April 2017, 09:57:56 BRT schrieb Mimi Zohar:
> On Thu, 2017-04-20 at 17:40 -0300, Thiago Jung Bauermann wrote:
> > @@ -949,49 +936,16 @@ void ima_policy_stop(struct seq_file *m, void *v)
> >
> > #define pt(token) policy_tokens[token + Opt_err].pattern
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Wed, 2017-08-02 at 18:52 -0400, Mimi Zohar wrote:
>> On Wed, 2017-08-02 at 14:42 -0300, Thiago Jung Bauermann wrote:
>> > Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
>
>> > >> @@ -229,8 +251,2
.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/Kconfig| 13 +++
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima.h | 60 ++--
security/integrity/ima/ima_appraise.c
, and by then the measure step was already
completed and would need to be done again in case the template includes the
signature.
To avoid this problem, do the appraisal first so that the correct signature
is stored by the template in the measure step.
Signed-off-by: Thiago Jung Bauermann <ba
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig.c| 28 +++-
security/int
validate_module_signature without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
include/linux/module.h | 3 --
include/linux/module_signature.h | 47 +
init/Kconfig | 6 +++-
kernel/Ma
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
ata, since in most places the array
doesn't hold a digest.
A separate struct evm_hmac_xattr is introduced, with the original
definition of evm_ima_xattr_data to be used in the places that actually
expect that definition.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
se
yring_from_id function.
- Put modsig to measurement list if the template requires the signature
contents. (suggested by Mimi).
Thiago Jung Bauermann (7):
integrity: Introduce struct evm_hmac_xattr
MODSIGN: Export module signature definitions.
PKCS#7: Introduce verify_pkcs7_message_sig
Add function verify_pkcs7_message_signature which takes a struct
pkcs7_message for verification isntead of the raw bytes that
verify_pkcs7_signature takes.
This will be used by IMA to verify files with module-style appended
signatures.
Signed-off-by: Thiago Jung Bauermann <ba
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote:
>> Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
>> > On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote:
>> >> @@ -267,11 +2
Hello Mimi,
Thanks for your review.
Am Mittwoch, 26. April 2017, 07:21:19 BRT schrieb Mimi Zohar:
> On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:
> > This patch introduces the appended_imasig keyword to the IMA policy syntax
> > to specify that a given hoo
Am Mittwoch, 26. April 2017, 18:18:34 BRT schrieb Mehmet Kayaalp:
> > On Apr 20, 2017, at 7:41 PM, Thiago Jung Bauermann
> > <bauer...@linux.vnet.ibm.com> wrote:
> >
> > This patch introduces the appended_imasig keyword to the IMA policy syntax
> > to spe
d new xattr "subtype" IMA_MODSIG. (suggested by Mimi)
- Check whether a hook supports modsig when the policy is being parsed.
(suggested by Mimi)
- If the modsig verification fails, look for an xattr signature.
(suggested by Mimi)
- Add integrity_keyring_from_id function.
- Pu
ata, since in most places the array
doesn't hold a digest.
A separate struct evm_xattr is introduced, with the original definition of
evm_ima_xattr_data to be used in the places that actually expect that
definition.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
securi
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/Kconfig| 13 +++
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima.h | 70 +++-
security/integrity/ima/ima_appraise.c
, and by then the measure step was already
completed and would need to be done again in case the template includes the
signature.
To avoid this problem, do the appraisal first so that the correct signature
is stored by the template in the measure step.
Signed-off-by: Thiago Jung Bauermann <ba
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig.c| 28 +++-
security/int
validate_module_signature without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
include/linux/module.h | 3 --
include/linux/module_signature.h | 47 +
init/Kconfig | 6 +++-
kernel/Ma
verify_pkcs7_message_signature which takes a struct
pkcs7_message for verification instead of the raw bytes that
verify_pkcs7_signature takes.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
certs/system_keyring.c| 60 +--
crypto/asymmetri
Hello Mimi,
Thanks for your review!
The patch at the end of the email implements your suggestions, what do
you think?
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Thu, 2017-07-06 at 19:17 -0300, Thiago Jung Bauermann wrote:
>> A separate struct evm_hmac_xatt
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Thu, 2017-07-06 at 19:17 -0300, Thiago Jung Bauermann wrote:
>> --- a/security/integrity/ima/ima_appraise.c
>> +++ b/security/integrity/ima/ima_appraise.c
>> @@ -200,18 +200,40 @@ int ima_read_xattr(struct dent
Michael Ellerman <m...@ellerman.id.au> writes:
> Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes:
>
>> On the OpenPOWER platform, secure boot and trusted boot are being
>> implemented using IMA for taking measurements and verifying signatures.
>
Hello Mimi,
Thanks for your review, and for queuing the other patches in this series.
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote:
>> This patch introduces the modsig keyword to the IMA policy syntax to
>>
ata, since in most places the array
doesn't hold a digest.
A separate struct evm_hmac_xattr is introduced, with the original
definition of evm_ima_xattr_data to be used in the places that actually
expect that definition.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
se
If the file doesn't have an xattr, ima_appraise_measurement sets cause to
"missing-hash" while if there's an xattr but it's a digest instead of a
signature it sets cause to "IMA-signature-required".
Fix it by setting cause to "IMA-signature-required" in both case
GRITY_SIGNATURE to select CONFIG_KEYS instead of
depending on it is to avoid a dependency recursion in
CONFIG_IMA_APPRAISE_MODSIG, because CONFIG_MODULE_SIG_FORMAT selects
CONFIG_KEYS and Kconfig complains that CONFIG_INTEGRITY_SIGNATURE depends
on it.
Signed-off-by: Thiago Jung Bauermann <bauer...@lin
-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig_asymmetric.c | 4 ++--
security/integrity/iint.c | 2 +-
security/integrity/ima/ima.h | 2 +-
security/integrity/ima/ima_appraise.c | 1 +
security/integrity/ima/ima_policy.c
function.
- Put modsig to measurement list if the template requires the signature
contents. (suggested by Mimi).
Thiago Jung Bauermann (6):
integrity: Small code improvements
ima: Simplify policy_func_show.
ima: Log the same audit cause whenever a file has no signature
integrity: Introduc
of the raw bytes that
verify_pkcs7_signature takes.
Finally, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use validate_module_signature without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
they
are always in sync (suggested by Mimi Zohar).
Finally, by using the printf pattern for the function token directly
instead of using the pt macro we can simplify policy_func_show even further
and avoid needing a temporary buffer.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.
The "goto out" statement doesn't have any purpose since there's no cleanup
to be done when returning early, so remove it. This also makes the rc
variable unnecessary so remove it as well.
Also, the xattr_len and fmt variables are redundant so remove them as well.
Signed-off-by: T
the object files from
before and after the patch. They are identical.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/evm/evm_posix_acl.c | 8
security/integrity/ima/ima_fs.c| 6 +++---
security/integrity/ima/ima_queue.c | 6 +++
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
Replace nested ifs in the EVM xattr verification logic with a switch
statement, making the code easier to understand.
Also, add comments to the if statements in the out section.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vne
.
Confirmed that the patch is correct by comparing the object files from
before and after the patch. They are identical.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_appraise.c | 11 +--
security/integrity/ima/ima_template_lib.
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig.c| 28 +++-
security/int
verify_pkcs7_message_signature which takes a struct
pkcs7_message for verification instead of the raw bytes that
verify_pkcs7_signature takes.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
certs/system_keyring.c| 60 +--
crypto/asymmetri
ima_read_modsig will need it so that it can show an error message.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_policy.c | 12 ++--
2 files changed, 8 insertions(+), 6 deletions(-)
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/integrity/ima/ima_main.c
b/security/integrity/ima/ima_main.c
index 747a4fd9e2de..8e96450e27f5 100644
--
is correct by comparing the object file from
before and after the patch. They are identical.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_appraise.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integri
because the actual modsig implementation
will be introduced in a separate patch.
Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
Documentation/ABI/testing/ima_policy | 6 +-
security/integrity/ima/Kconfi
that it can be easily
dropped if the churn and conflict potential is deemed not worth it.
Confirmed that the patch is correct by comparing the object files from
before and after the patch. They are identical.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
se
This patch actually implements the appraise_type=modsig option, allowing
IMA to read and verify modsig signatures
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 17 +++--
security/integrity/ima/ima_appraise.c
yxattr even in the case of xattr
signature in ima_appraise_measurement (suggested by Mimi Zohar).
- Use switch statement provided by Mimi Zohar to check result of
evm_verifyxattr.
- If the modsig verification succeeds, copy the hash calculated during
the verification to the iint cac
Add modsig support for templates which require the contents of the file
signature to be included in the measurement list.
Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h
ata, since in most places the array
doesn't hold a digest.
A separate struct evm_xattr is introduced, with the original definition of
evm_ima_xattr_data to be used in the places that actually expect that
definition.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
securi
validate_module_signature without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
include/linux/module.h | 3 --
include/linux/module_signature.h | 47 +
init/Kconfig | 6 +++-
kernel/Ma
This is the code needed by IMA-appraise to work with modsig signatures.
It will be used by the next patch.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/Kconfig | 3 +
security/integrity/ima/ima.h| 34 +++
security/int
and not actually required, just don't do it.
Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_appraise.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/i
ima_read_modsig() will need it so that it can show an error message.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_policy.c | 12 ++--
2 files changed, 8 insertions(+), 6 deletions(-)
diff
ed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
security/integrity/ima/ima.h | 5 +
security/integrity/ima/ima_appraise.c | 7 +++
security/integrity/ima/ima_template_lib.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/security/integrity
This avoids a dependency cycle in soon-to-be-introduced
CONFIG_IMA_APPRAISE_MODSIG: it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann <ba
function.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/digsig_asymmetric.c | 44 +-
security/integrity/integrity.h | 8 +++
2 files changed, 41 inser
egrity/ima/ima_modsig.c
new file mode 100644
index ..d8ea811b6f74
--- /dev/null
+++ b/security/integrity/ima/ima_modsig.c
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * IMA support for appraising module-style appended signatures.
+ *
+ * Copyright (C) 2018 IBM Corporatio
. Verifying that
sinfo->sig->digest isn't NULL is sufficient because both places which
allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info())
use kzalloc() so sig->digest is always initialized to zero.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
Revie
t;ima: Write modsig to the measurement list"
- Since now we determine whether we'll use an xattr sig or a modsig
at the time they are read, there's no need to store a measurement
again in the modsig case. Thus, this patch doesn't need to change
ima_store_measurement() nor proces
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/digs
ost places the array doesn't hold a
digest.
A separate struct evm_xattr is introduced, with the original definition of
evm_ima_xattr_data to be used in the places that actually expect that
definition.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
security/integrity/
() without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Cc: Jessica Yu <j...@kernel.org>
---
include/linux/module.h | 3 --
include/linux/modul
message, so add pkcs7_get_message_sig().
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Cc: David Howells <dhowe...@redhat.com>
Cc: David Woodhouse <dw...@infradead.org>
Cc: Herbert Xu <herb...@gondor
-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
security/integrity/ima/Kconfig| 3 +
security/integrity/ima/ima.h | 36 -
security/integrity/ima/ima_appraise.c | 64 +--
security/integrity/ima/ima_main.c | 17 +++-
security/integri
Define new "d-sig" template field which holds the digest that is expected
to match the one contained in the modsig.
Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
Documentation/security/IMA-templates.rst
with
the modsig. This is done by defining the appraise subaction flag
IMA_READ_MEASURE and testing for it in process_measurement().
Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
security/integrity/ima/ima.h
Add modsig support to the "sig" template field, allowing the the contents
of the modsig to be included in the measurement list.
Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.ibm.com>
---
security/integrity/ima/i
Hello Mimi,
Thanks for your review.
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:
>
>> diff --git a/security/integrity/ima/ima_main.c
>> b/security/integrity/ima/ima_main.c
>> index 6a2
Mimi Zohar <zo...@linux.vnet.ibm.com> writes:
> On Tue, 2017-10-17 at 22:53 -0200, Thiago Jung Bauermann wrote:
>> IMA will use the module_signature format for append signatures, so export
>> the relevant definitions and factor out the code which verifies that the
>>
. Verifying that
sinfo->sig->digest isn't NULL is sufficient because both places which
allocate sinfo->sig (pkcs7_parse_message() and pkcs7_note_signed_info())
use kzalloc() so sig->digest is always initialized to zero.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
ed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 5 +
security/integrity/ima/ima_appraise.c | 7 +++
security/integrity/ima/ima_template_lib.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/security/i
Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes:
> Now the modsig is only ignored if it references a signature that is not
> present in IMA's keyring (or if there's a parsing error, obviously). If the
The above should read "Now the modsig is only ignored if it
signature.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 11 +++-
security/integrity/ima/ima_appraise.c | 53 +++
security/integrity/ima/ima_main.c | 21 +++---
3 files chang
d-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
Documentation/security/IMA-templates.rst | 5
security/integrity/ima/ima_template.c | 4 ++-
security/integrity/ima/ima_template_lib.c | 47 +++
com>
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
Documentation/ABI/testing/ima_policy | 6 +-
security/integrity/ima/Kconfig | 10 ++
security/integrity/ima/Makefile | 1 +
security/integrity/ima/ima.h | 9 +
security/i
function.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig_asymmetric.c | 44 +-
security/integrity/integrity.h | 8 +++
2 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/security/int
ima_read_modsig() will need it so that it can show an error message.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_policy.c | 12 ++--
2 files changed, 8 insertions(+), 6 deletions(-)
This is the code needed by IMA-appraise to work with modsig signatures.
It will be used by the next two patches.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/ima/Kconfig | 3 +
security/integrity/ima/ima.h| 41
se
that verify_pkcs7_signature()
takes.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
Cc: David Howells <dhowe...@redhat.com>
Cc: David Woodhouse <dw...@infradead.org>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: "David S. Miller" <da...@davem
n fails.
- Pass NULL xattr_value to evm_verifyxattr even in the case of xattr
signature in ima_appraise_measurement (suggested by Mimi Zohar).
- Use switch statement provided by Mimi Zohar to check result of
evm_verifyxattr.
- If the modsig verification succeeds, copy the hash calculated during
() without having to depend on
CONFIG_MODULE_SIG.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Cc: Jessica Yu <j...@kernel.org>
---
include/linux/module.h | 3 --
include/linux/modul
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com>
---
security/integrity/digsig.c| 28 +---
security/int
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
92 matches
Mail list logo