[PATCH v7 2/5] IMA: Define an IMA hook to measure keys

Lakshmi Ramasubramanian nramas at linux.microsoft.com
Thu Nov 14 18:30:37 UTC 2019


On 11/13/19 7:11 PM, Lakshmi Ramasubramanian wrote:

> The IMA hook is defined in a new file namely ima_asymmetric_keys.c
> which is built only if CONFIG_KEYS is enabled.

I think instead of CONFIG_KEYS I should use 
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE for ima_asymmetric_keys.c since 
this config is enabled only when both CONFIG_ASYMMETRIC_KEY_TYPE and 
CONFIG_KEYS are enabled.

Please see below taken from "crypto/asymmetric_keys/Kconfig"

# SPDX-License-Identifier: GPL-2.0
menuconfig ASYMMETRIC_KEY_TYPE
         bool "Asymmetric (public-key cryptographic) key type"
         depends on KEYS
         help
           This option provides support for a key type that holds the 
data for
           the asymmetric keys used for public key cryptographic 
operations such
           as encryption, decryption, signature generation and signature
           verification.

if ASYMMETRIC_KEY_TYPE

config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
         tristate "Asymmetric public-key crypto algorithm subtype"

endif # ASYMMETRIC_KEY_TYPE

thanks,
  -lakshmi



More information about the Linux-security-module-archive mailing list