[PATCH v3 00/14] KEYS: Add support for PGP keys and signatures
Roberto Sassu
roberto.sassu at huaweicloud.com
Sun Sep 15 17:52:13 UTC 2024
On 9/15/2024 11:31 AM, Herbert Xu wrote:
> On Sun, Sep 15, 2024 at 05:15:25PM +0800, Herbert Xu wrote:
>>
>> Roberto, correct me if I'm wrong but your intended use case is
>> the following patch series, right?
>
> Actually the meat of the changes is in the following series:
>
> https://lore.kernel.org/linux-integrity/20240905150543.3766895-1-roberto.sassu@huaweicloud.com/
Yes, correct. The idea is to verify the authenticity of RPM headers,
extract the file digests from them, and use those file digests as
reference values for integrity checking of files accessed by user space
processes.
If the calculated digest of a file being accessed matches one extracted
from the RPM header, access is granted otherwise it is denied.
Roberto
More information about the Linux-security-module-archive
mailing list