[PATCH] integrity: support new struct public_key_signature encoding field

Denis Kenzior denkenz at gmail.com
Mon Nov 12 16:42:35 UTC 2018


Hi Mimi,

On 11/11/2018 08:29 AM, Mimi Zohar wrote:
> On systems with IMA-appraisal enabled with a policy requiring file
> signatures, the "good" signature values are stored on the filesystem as
> extended attributes (security.ima).  Signature verification failure
> would normally be limited to just a particular file (eg. executable),
> but during boot signature verification failure could result in a system
> hang.
> 
> Defining and requiring a new public_key_signature field requires all
> callers of asymmetric signature verification to be updated to reflect
> the change.  This patch updates the integrity asymmetric_verify()
> caller.
> 
> Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
> Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>
> Cc: David Howells <dhowells at redhat.com>
> Cc: Denis Kenzior <denkenz at gmail.com>
> ---
>   security/integrity/digsig_asymmetric.c | 1 +
>   1 file changed, 1 insertion(+)
> 

Acked/Reviewed by: Denis Kenzior <denkenz at gmail.com>

Regards,
-Denis



More information about the Linux-security-module-archive mailing list