[PATCH] integrity: support new struct public_key_signature encoding field
Denis Kenzior
denkenz at gmail.com
Mon Nov 12 16:42:35 UTC 2018
Hi Mimi,
On 11/11/2018 08:29 AM, Mimi Zohar wrote:
> On systems with IMA-appraisal enabled with a policy requiring file
> signatures, the "good" signature values are stored on the filesystem as
> extended attributes (security.ima). Signature verification failure
> would normally be limited to just a particular file (eg. executable),
> but during boot signature verification failure could result in a system
> hang.
>
> Defining and requiring a new public_key_signature field requires all
> callers of asymmetric signature verification to be updated to reflect
> the change. This patch updates the integrity asymmetric_verify()
> caller.
>
> Fixes: 82f94f24475c ("KEYS: Provide software public key query function [ver #2]")
> Signed-off-by: Mimi Zohar <zohar at linux.ibm.com>
> Cc: David Howells <dhowells at redhat.com>
> Cc: Denis Kenzior <denkenz at gmail.com>
> ---
> security/integrity/digsig_asymmetric.c | 1 +
> 1 file changed, 1 insertion(+)
>
Acked/Reviewed by: Denis Kenzior <denkenz at gmail.com>
Regards,
-Denis
More information about the Linux-security-module-archive
mailing list