OpenCloudOS-Kernel/security/integrity
Mimi Zohar fd35f192e4 integrity: support new struct public_key_signature encoding field
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima).  Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.

Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change.  This patch updates the integrity asymmetric_verify()
caller.

Fixes: 82f94f2447 ("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Acked-by: Denis Kenzior <denkenz@gmail.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
2018-11-13 13:09:56 -08:00
..
evm security/integrity: constify some read-only data 2018-10-10 12:56:15 -04:00
ima ima: open a new file instance if no read permissions 2018-10-10 15:18:00 -04:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
digsig.c security/integrity: remove unnecessary 'init_keyring' variable 2018-10-10 12:56:15 -04:00
digsig_asymmetric.c integrity: support new struct public_key_signature encoding field 2018-11-13 13:09:56 -08:00
iint.c LSM: Record LSM name in struct lsm_info 2018-10-10 20:40:22 -07:00
integrity.h ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set 2018-07-18 07:27:22 -04:00
integrity_audit.c ima: Use audit_log_format() rather than audit_log_string() 2018-07-18 07:27:22 -04:00