/linux-6.3-rc2/security/integrity/ima/ |
A D | ima_modsig.c | 18 struct modsig { struct 41 struct modsig **modsig) in ima_read_modsig() argument 45 struct modsig *hdr; in ima_read_modsig() 85 *modsig = hdr; in ima_read_modsig() 112 rc = pkcs7_get_digest(modsig->pkcs7_msg, &modsig->digest, in ima_collect_modsig() 113 &modsig->digest_size, &modsig->hash_algo); in ima_collect_modsig() 116 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig) in ima_modsig_verify() argument 132 int ima_get_raw_modsig(const struct modsig *modsig, const void **data, in ima_get_raw_modsig() argument 141 void ima_free_modsig(struct modsig *modsig) in ima_free_modsig() argument 143 if (!modsig) in ima_free_modsig() [all …]
|
A D | ima.h | 68 const struct modsig *modsig; member 231 struct modsig; 266 enum hash_algo algo, struct modsig *modsig); 270 int xattr_len, const struct modsig *modsig, int pcr, 316 const struct modsig *modsig, int pcr); 321 int xattr_len, const struct modsig *modsig); 334 const struct modsig *modsig, int pcr) in ima_check_blacklist() argument 345 const struct modsig *modsig) in ima_appraise_measurement() argument 386 struct modsig **modsig); 392 void ima_free_modsig(struct modsig *modsig); [all …]
|
A D | ima_api.c | 243 enum hash_algo algo, struct modsig *modsig) in ima_collect_measurement() argument 259 if (modsig) in ima_collect_measurement() 260 ima_collect_modsig(modsig, buf, size); in ima_collect_measurement() 343 int xattr_len, const struct modsig *modsig, int pcr, in ima_store_measurement() argument 356 .modsig = modsig }; in ima_store_measurement() 365 if (iint->measured_pcrs & (0x1 << pcr) && !modsig) in ima_store_measurement()
|
A D | ima_appraise.c | 418 static int modsig_verify(enum ima_hooks func, const struct modsig *modsig, in modsig_verify() argument 423 rc = integrity_modsig_verify(INTEGRITY_KEYRING_IMA, modsig); in modsig_verify() 427 modsig); in modsig_verify() 447 const struct modsig *modsig, int pcr) in ima_check_blacklist() argument 457 if (iint->flags & IMA_MODSIG_ALLOWED && modsig) { in ima_check_blacklist() 458 ima_get_modsig_digest(modsig, &hash_algo, &digest, &digestsize); in ima_check_blacklist() 482 int xattr_len, const struct modsig *modsig) in ima_appraise_measurement() argument 490 bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; in ima_appraise_measurement() 557 rc = modsig_verify(func, modsig, &status, &cause); in ima_appraise_measurement()
|
A D | ima_main.c | 215 struct modsig *modsig = NULL; in process_measurement() local 331 rc = ima_read_modsig(func, buf, size, &modsig); in process_measurement() 341 rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig); in process_measurement() 350 xattr_value, xattr_len, modsig, pcr, in process_measurement() 353 rc = ima_check_blacklist(iint, modsig, pcr); in process_measurement() 358 xattr_len, modsig); in process_measurement() 386 ima_free_modsig(modsig); in process_measurement()
|
A D | ima_template_lib.c | 456 if (!event_data->modsig) in ima_eventdigest_modsig_init() 467 rc = ima_get_modsig_digest(event_data->modsig, &hash_algo, in ima_eventdigest_modsig_init() 573 if (!event_data->modsig) in ima_eventmodsig_init() 580 rc = ima_get_raw_modsig(event_data->modsig, &data, &data_len); in ima_eventmodsig_init()
|
A D | Kconfig | 248 The modsig keyword can be used in the IMA policy to allow a hook
|
/linux-6.3-rc2/security/integrity/ |
A D | integrity.h | 192 struct modsig; 198 int integrity_modsig_verify(unsigned int id, const struct modsig *modsig); 214 const struct modsig *modsig) in integrity_modsig_verify() argument 245 int ima_modsig_verify(struct key *keyring, const struct modsig *modsig); 248 const struct modsig *modsig) in ima_modsig_verify() argument
|
A D | digsig.c | 87 int integrity_modsig_verify(const unsigned int id, const struct modsig *modsig) in integrity_modsig_verify() argument 95 return ima_modsig_verify(keyring, modsig); in integrity_modsig_verify()
|
/linux-6.3-rc2/Documentation/security/ |
A D | IMA-templates.rst | 72 - 'd-modsig': the digest of the event without the appended modsig; 76 - 'modsig' the appended file signature; 96 - "ima-modsig": its format is ``d-ng|n-ng|sig|d-modsig|modsig``;
|
/linux-6.3-rc2/Documentation/ABI/testing/ |
A D | ima_policy | 51 appraise_type:= [imasig] | [imasig|modsig] | [sigv3] 54 where 'modsig' is an appended signature, 146 Example of appraise rule allowing modsig appended signatures: 148 appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig
|